intel-iommu crash with FreeBSD guest

Host environment

  • Operating system: Fedora 41
  • OS/kernel version: Linux ip-172-31-41-17.eu-west-1.compute.internal 6.8.5-301.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Apr 11 20:00:10 UTC 2024 x86_64 GNU/Linux
  • Architecture: x86/amd
  • QEMU flavor: qemu-system-x86_64
  • QEMU version: 9.1.2, git commit 7698afc4
  • QEMU command line: 
    qemu-system-x86_64  -accel kvm,kernel-irqchip=split  -hda FreeBSD-15.0-CURRENT-amd64-ufs.qcow2 -m 16G -M q35 -serial mon:stdio -device intel-iommu,intremap=on

Emulated/Virtualized environment

Description of problem

qemu-system-x86_64: ../hw/i386/intel_iommu.c:2836: vtd_process_wait_desc: Assertion `!(inv_desc->lo & VTD_INV_DESC_WAIT_IF)' failed.

Steps to reproduce

  1. Download and decompress https://download.freebsd.org/snapshots/VM-IMAGES/15.0-CURRENT/amd64/Latest/FreeBSD-15.0-CURRENT-amd64-ufs.qcow2.xz
  2. Create /boot/loader.conf.d/iommu.conf as follows:
root@freebsd:/boot/loader.conf.d # cat > iommu.conf
hw.dmar.enable=1
hw.dmar.ir=1
hw.dmar.qi=1
  1. Restart and see:
dmar0: <DMA remap> iomem 0xfed90000-0xfed90fff on acpi0
dmar0: regs@0xfed90000, ver=1.0, seg=0, flags=<0>
dmar0: cap=222f0606,d2008c<PSI,DWD,DRD>, ndoms=2, sagaw=6, mgaw=47, fro=34, nfr=1, superp=3, mamv=18
dmar0: ecap=f00f5a<QI,IR,EIM,PT>,0, mhmw=15, iro=15
msi: routing MSI-X IRQ 24 to local APIC 0 vector 49
msi: routing MSI-X IRQ 25 to local APIC 0 vector 50
qemu-system-x86_64: ../hw/i386/intel_iommu.c:2836: vtd_process_wait_desc: Assertion `!(inv_desc->lo & VTD_INV_DESC_WAIT_IF)' failed.
Aborted (core dumped)

Additional information

(gdb) p *inv_desc
$1 = {{lo = 4294967349, hi = 25893056}, {val = {4294967349, 25893056, 0, 0}}, {iec = {type = 5, granularity = 1, resved_1 = 1, index_mask = 0, index = 1, reserved_2 = 0}}}
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information