QEMU 6.2.0: Segfault while calling address_space_init from emulated device

[Karthik Poduval]

Hi All,

I am trying to create a virtual mem2mem scaler device in QEMU (for the
purposes of writing a mem2mem driver tutorial). I created the mem2mem
device as shown here.
https://github.com/karthikpoduval/qemu/blob/scaler-bringup/hw/misc/m2m_scaler.c

I added this MMIO device to the arm virt.c (as shown here).
https://github.com/karthikpoduval/qemu/blob/scaler-bringup/hw/arm/virt.c#L1306

However while the device is getting created, there is a crash while
launching QEMU.
qemu-system-aarch64 -device
virtio-net-device,netdev=net0,mac=52:54:00:12:35:02 -netdev
user,id=net0,hostfwd=tcp::2222-:22,hostfwd=tcp::2323-:23,tftp=/home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/deploy/images/qemuarm64
-object rng-random,filename=/dev/urandom,id=rng0 -device
virtio-rng-pci,rng=rng0 -drive
id=disk0,file=/home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/deploy/images/qemuarm64/yoe-simple-image-qemuarm64-20220515002944.rootfs.ext4,if=none,format=raw
-device virtio-blk-device,drive=disk0 -device qemu-xhci -device
usb-tablet -device usb-kbd  -machine virt -cpu cortex-a57 -smp 4 -m
1024 -serial mon:stdio -serial null -nographic -device virtio-gpu-pci
-kernel 
/home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/deploy/images/qemuarm64/Image--5.15.22+git0+2d38a472b2_7f685244af-r0.0-qemua
rm64-20220306152158.bin -append 'root=/dev/vda rw  mem=256M ip=dhcp
console=ttyAMA0 console=hvc0  '

Upon running gdb, the stack trace looks like.
Thread 1 "qemu-system-aar" received signal SIGSEGV, Segmentation fault.
0x0000555555d2f6d6 in memory_region_ref (mr=0x56becae0) at
../git/softmmu/memory.c:3005
3005        memory_region_ref(root);
(gdb) bt
#0  0x0000555555d2f6d6 in memory_region_ref (mr=0x56becae0) at
../git/softmmu/memory.c:3005
#1  address_space_init (as=0x5555570f8bb8, root=0x56becae0,
name=0x5555560a9620 "m2m-scaler-dma") at ../git/softmmu/memory.c:3005
#2  0x0000555555e0d5c8 in object_initialize_with_type
(obj=obj@entry=0x5555570f8750, size=size@entry=1360,
type=type@entry=0x555556a117d0) at ../git/qom/object.c:518
#3  0x0000555555e0d719 in object_new_with_type (type=0x555556a117d0)
at ../git/qom/object.c:733
#4  0x0000555555e08e3a in qdev_new (name=name@entry=0x5555560a95eb
"m2m_scaler") at ../git/hw/core/qdev.c:153
#5  0x000055555595cafa in sysbus_create_varargs
(name=name@entry=0x5555560a95eb "m2m_scaler", addr=addr@entry=0) at
../git/hw/core/sysbus.c:234
#6  0x0000555555adf1a1 in sysbus_create_simple (irq=<optimized out>,
addr=0, name=0x5555560a95eb "m2m_scaler")
    at 
/home/kpoduval/workspace/yoe-master-kpoduval/build/tmp/work/x86_64-linux/qemu-system-native/6.2.0-r0/git/include/hw/sysbus.h:104
#7  create_m2m_scaler (vms=0x555556c31400) at ../git/hw/arm/virt.c:1317
#8  machvirt_init (machine=0x555556c31400) at ../git/hw/arm/virt.c:2239
#9  0x0000555555959929 in machine_run_board_init
(machine=0x555556c31400) at ../git/hw/core/machine.c:1187
#10 0x0000555555d3576f in qemu_init_board () at ../git/softmmu/vl.c:2656
#11 qmp_x_exit_preconfig (errp=<optimized out>) at ../git/softmmu/vl.c:2746
#12 qmp_x_exit_preconfig (errp=<optimized out>) at ../git/softmmu/vl.c:2739
#13 0x0000555555d38f3b in qemu_init (argc=<optimized out>,
argv=<optimized out>, envp=<optimized out>) at
../git/softmmu/vl.c:3777
#14 0x000055555588e1bd in main (argc=<optimized out>, argv=<optimized
out>, envp=<optimized out>) at ../git/softmmu/main.c:49

I was able to do the same thing in QEMU 5.1.0 do not know why this
does not work in QEMU 6.2.0. Kindly help me resolve this issue. I want
my device to have access to the entire system RAM (as thi emulated
device can read input image from DDR scale it and write back the input
image to DDR so it needs to have access to the entire DDR memory).

-- 
Regards,
Karthik Poduval