Comment 5 for bug 1681439

> > ide_cancel_dma_sync() is also invoked from bmdma_cmd_writeb() and this
> > is in fact the code path taken when the assertion fails.
> >
>
> Yep, I wonder why your guest is trying to cancel DMA, though? Something
> else is probably going wrong first.

Beats me.

> Can you compile QEMU from a branch and let me know what kind of info it
> barfs out when it dies?
>
> https://github.com/jnsnow/qemu/commit/2baa57a58bba00a45151d8544cfd457197ecfa39
>
> Please make backups of your data as appropriate as this is a development
> branch not suitable for production use (etc etc etc!)
>
> It's just some dumb printfs so I can see what the device was up to when
> it decided to reset itself. I'm hoping that if I can see what command it
> is trying to cancel I can work out why it isn't getting canceled correctly.

It looks like the command being canceled when the assertion fails is
DSM, which explains why it does not happen with TRIM disabled (I retried
the test twice to make sure the canceled command is consistent; it is):

    $ tail -20 qemu.log

    == ide_cancel_dma_sync ==

    ATA Registers:
    cmd 0x06
    feature 0x01
    error 0x00
    nsector 0x00000001
    sector 0x00
    lcyl 0x00
    hcyl 0x00
    hob_feature 0x00
    hob_nsector 0x00
    hob_sector 0x00
    hob_lcyl 0x00
    hob_hcyl 0x00
    select 0x60
    status 0x58
    lba48 0x00000000
    qemu-system-x86_64: hw/ide/core.c:704: ide_cancel_dma_sync: Assertion `s->bus->dma->aiocb == NULL' failed.
    $ grep ^cmd qemu.log | sort | uniq -c
        128 cmd 0x06
     151854 cmd 0xc8
     217496 cmd 0xca

I am happy to help if any further debugging is required.