
Hello,

I am currently investigating a rare segfault in libvirt. I have attached a backtrace; the coredump is for s390x. I am currently trying to reproduce the segfault on x86, but it has not occurred yet (timespan too short). This can be triggered by rapidly performing domain start/stop cycles in a tight loop and will trigger on the order of a couple of weeks.

I have come to the conclusion that there seems to be a race condition in the log manager client. When the log manager gets freed via virLogManagerFree(), it (asynchronously) invokes virNetClientClose() and unrefs the associated client structure in virLogManager. If there are other threads waiting for data on the socket, they will be woken up, but because they rely on virLogManager holding a ref to the client, we get a use-after-free.

Can anyone verify this analysis and either provide a fix or at least give me some pointers in the right direction on how to further proceed for debugging? Should I open a bug for this?

Best regards,
Bjoern
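
The ownership pattern described in the message above, as an added example that is not part of the original post and is not libvirt code: a single-threaded replay of the interleaving (waiter blocks, owner frees, waiter wakes), comparing a waiter that borrows the owner's reference with one that takes its own. All names (`struct client`, `manager_free`, `replay`) are hypothetical, and a `disposed` flag stands in for `free()` so the stale access is observable without undefined behaviour.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a refcounted RPC client; not libvirt's struct. */
struct client {
    int refs;
    bool closed;
    bool disposed;  /* model only: set where real code would call free() */
};

static void client_ref(struct client *c) { c->refs++; }

static void client_unref(struct client *c)
{
    if (--c->refs == 0)
        c->disposed = true;
}

/* Owner teardown as in the report: close, then drop the owner's reference. */
static void manager_free(struct client *c)
{
    c->closed = true;   /* wakes any thread blocked on the socket */
    client_unref(c);
}

/*
 * Replays: waiter blocks -> owner is freed -> waiter wakes and uses client.
 * Returns true if the woken waiter touched an already-disposed client.
 */
static bool replay(bool waiter_takes_ref)
{
    struct client c = { .refs = 1 };    /* the owner's reference */

    if (waiter_takes_ref)
        client_ref(&c);                 /* waiter pins the client before blocking */
    manager_free(&c);                   /* another thread tears the owner down */

    bool stale = c.disposed;            /* waiter wakes and dereferences the client */
    if (waiter_takes_ref)
        client_unref(&c);               /* waiter drops its own reference when done */
    return stale;
}

int main(void)
{
    printf("borrowed ref: stale access = %d\n", replay(false));
    printf("own ref:      stale access = %d\n", replay(true));
    return 0;
}
```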