In your "before the STR" image the guest CPU is in mode 0x13, which is Supervisor. In the image afterwards, it is in Abort mode (0x17). I think therefore that what has happened is that the memory address the code is trying to store to is not accessible, and the guest has taken a Data Abort exception, so in the second image you are looking at your guest's exception handler code for the data abort.
There is a long-standing bug where singlestepping an insn which takes an exception results in our stepping the insn at the exception vector entry point and then stopping, rather than stopping on the entry point, which may be confusing you here. (That's LP:757702.) -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1805445 Title: QEMU arm virt machine was stopped by STMFD command while debug process Status in QEMU: New Bug description: Hello, i have a big problem with QEMU arm virtual machine. So... I run QEMU machine with bare-metal ThreadX fullflash from Texet TM-333 phone (Spreadtrum platform) [CODE]qemu-system-arm -S -gdb tcp::1234,ipv4 -drive file=C:\cygwin64\home\flash.bin,if=mtd,format=raw -M palmetto-bmc -cpu arm926 -m 64M[/CODE] I use palmetto-bmc platform because it have ARM926EJ-S core and support SPI Flash. Then, i attach to gdb qemu process from IDA and run code step-by-step. [IMG]https://pp.userapi.com/c847218/v847218546/13ec1c/iSIcre5-js4.jpg[/IMG] When the IDA run 00032534 STR R11, [R10] command [IMG]https://pp.userapi.com/c846416/v846416708/133f60/GQzxORvf4Tg.jpg[/IMG] instead of store R11 on R10 adress, it jump 000328DC STMFD SP!, {R0-R12,LR} instruction... [IMG]https://pp.userapi.com/c847218/v847218546/13ec26/32A0VcaJywg.jpg[/IMG] and virt machine not execute new instruction... [IMG]https://pp.userapi.com/c850624/v850624111/528f3/N7FTpgloWVU.jpg[/IMG] and why i did not change flash from n25q256a to n25q032a11 in aspeed.c without rebuild qemu? To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1805445/+subscriptions
