diff --git a/target-arm/cpu.h b/target-arm/cpu.h
index 8098b8d3575514be4481daff67a72ae9c5d401c6..659b104608e372c4bd33ba047569ad7e9b870fc3 100644
--- a/target-arm/cpu.h
+++ b/target-arm/cpu.h
@@ -1255,7 +1255,14 @@ static inline bool arm_singlestep_active(CPUARMState *env)
 static inline void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
                                         target_ulong *cs_base, int *flags)
 {
-    int fpen = extract32(env->cp15.c1_coproc, 20, 2);
+    int fpen;
+
+    if (arm_feature(env, ARM_FEATURE_V6)) {
+        fpen = extract32(env->cp15.c1_coproc, 20, 2);
+    } else {
+        /* CPACR doesn't exist before v6, so VFP is always accessible */
+        fpen = 3;
+    }
 
     if (is_a64(env)) {
         *pc = env->pc;