v6.2.0 armv7m: savevm fails assertion

Host environment

• Operating system: NixOS 21.11
• OS/kernel version: Linux 5.15.12 #1-NixOS SMP Wed Dec 29 11:29:03 UTC 2021 x86_64 GNU/Linux
• Architecture: x86_64
• QEMU flavor: qemu-system-arm
• QEMU version: 6.2.50 (v6.2.0-538-g7d4ae4d4)
• QEMU command line:

  qemu-system-arm -machine mps2-an385 -monitor stdio -drive file=dummy.qcow2 -S

Emulated environment

• Operating system: any/none
• OS/kernel version: any/none
• Architecture: ARM (armv7m)

Description of problem

Trying to take a snapshot on some arm machines just fails an assertion, while some work fine.
e.g. mps2-an385 and stm32vldiscovery don't work, while e.g. raspi0 does.

$ build/qemu-system-arm -machine mps2-an385 -monitor stdio -drive file=dummy.qcow2 -S 
QEMU 6.1.50 monitor - type 'help' for more information
(qemu) VNC server running on ::1:5900
savevm test
qemu-system-arm: ../migration/vmstate.c:363: vmstate_save_state_v: Assertion `first_elem || !n_elems || !size' failed.
[1]    631940 IOT instruction (core dumped)  build/qemu-system-arm -machine mps2-an385 -monitor stdio -drive  -S

This happens with or without a kernel (so -S is optional, if a kernel is present).

Steps to reproduce

1. Create some image for snapshots (once): qemu-img create -f qcow2 dummy.qcow2 32M
2. qemu-system-arm -machine mps2-an385 -monitor stdio -drive file=dummy.qcow2 -S
3. In monitor: savevm something

Additional information

Bisect indicates the Problem first presented itself in commit d5093d96 by @pm215.
This led me to test stm32vldiscovery, which also includes armv7m.h and fails, while some others don't.