Description of problem: I connected device listed below and added it as a USB HOST because I wanted to have direct passthrough access to it. It seemed not to work when using the keyboard's utility software. So I tried to remove the USB HOST entry. The whole virtual machine froze. Then QEMU crashed completely. [root@fedora ~]# lsusb -v -d 1b80:b403 Bus 003 Device 002: ID 1b80:b403 Afatech Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 2.00 bDeviceClass 0 (Defined at Interface level) bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 64 idVendor 0x1b80 Afatech idProduct 0xb403 bcdDevice 0.78 iManufacturer 1 Kworld iProduct 2 GAMDIAS HERMES Gaming Keyboard iSerial 0 bNumConfigurations 1 Version-Release number of selected component: qemu-system-x86-1.6.2-1.fc20 Additional info: reporter: libreport-2.2.2 backtrace_rating: 4 cmdline: /usr/bin/qemu-system-x86_64 -machine accel=kvm -name Win8.1 -S -machine pc-i440fx-1.4,accel=kvm,usb=off -m 3096 -realtime mlock=off -smp 2,sockets=2,cores=1,threads=1 -uuid 3915d501-fc1e-3345-0092-c5866a2d1591 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/Win8.1.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=localtime -no-shutdown -boot menu=off -device nec-usb-xhci,id=usb,bus=pci.0,addr=0x8 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 -drive if=none,id=drive-ide0-1-0,readonly=on,format=raw -device ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0,bootindex=1 -drive file=/media/2TB-Drive/KVM_VMs/Win8.1.40GB.qcow2,if=none,id=drive-virtio-disk1,format=qcow2 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x9,drive=drive-virtio-disk1,id=virtio-disk1,bootindex=2 -netdev tap,fd=24,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:32:31:3f,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -device usb-tablet,id=input0 -spice port=5900,addr=127.0.0.1,disable-ticketing,seamless-migration=on -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,bus=pci.0,addr=0x2 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev spicevmc,id=charredir0,name=usbredir -device usb-redir,chardev=charredir0,id=redir0 -chardev spicevmc,id=charredir1,name=usbredir -device usb-redir,chardev=charredir1,id=redir1 -chardev spicevmc,id=charredir2,name=usbredir -device usb-redir,chardev=charredir2,id=redir2 -chardev spicevmc,id=charredir3,name=usbredir -device usb-redir,chardev=charredir3,id=redir3 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 crash_function: usb_handle_packet executable: /usr/bin/qemu-system-x86_64 kernel: 3.13.10-200.fc20.x86_64 runlevel: N 5 type: CCpp uid: 107 Truncated backtrace: Thread no. 1 (7 frames) #4 usb_handle_packet #5 xhci_kick_ep #6 access_with_adjusted_size #7 io_mem_write #8 address_space_rw #9 kvm_cpu_exec #10 qemu_kvm_cpu_thread_fn
Created attachment 892196 [details] File: backtrace
Created attachment 892197 [details] File: cgroup
Created attachment 892198 [details] File: core_backtrace
Created attachment 892199 [details] File: dso_list
Created attachment 892200 [details] File: environ
Created attachment 892201 [details] File: limits
Created attachment 892202 [details] File: maps
Created attachment 892203 [details] File: open_fds
Created attachment 892204 [details] File: proc_pid_status
Created attachment 892205 [details] File: var_log_messages
Does that same sequence of steps reliably reproduce the crash? Can you also provide /var/log/libvirt/qemu/$vmname.log, it might have some important messages.