In case anybody is interested, ich9-usb-ehci1 can be used to crash QEMU: $ ./qemu-system-aarch64 -M virt -device ich9-usb-ehci1,helpqemu-system-aarch64: ../../devel/qemu/softmmu/physmem.c:1154: phys_section_add: Assertion `map->sections_nb < TARGET_PAGE_SIZE' failed.
Aborted (core dumped) Thomas
