[libvirt] [BUG] xenInotify/keep-alive double-free

Hello,

There seems to be a double-free bug in libvirt; I've checked libvirt 0.9.12 and 1.2.3:

With 0.9.12 xenUnifiedOpen() passes a pointer of "conn" to xenInotifyOpen(), which passes it to virEventAddHandle(...opaque=conn...). After successfully defining a new domain, inotify picks up the newly created directory and generates an event, which is processed when virsh has already dropped its last public reference to the domain and subsequently already freed the connection. Since *conn is not zero-filled, the data is still valid and usable, but virsh then terminates on double-freeing some internal data.

I can reproduce it by doing:

    virsh undefine $DOM
    virsh -c xen:// define $DOM.xml

For 1.2.3 something similar seems to happen with the keep-alive:

    $ grep unref ~/BUG/31032_virsh-define-segv.log
    virUnrefDomain:276 : unref domain 0x7f4ec4003fe0 ucs32-64-segv 1
    virReleaseDomain:246 : unref connection 0x917650 2
    virUnrefDomain:276 : unref domain 0x934460 ucs32-64-segv 1
    virReleaseDomain:246 : unref connection 0x917650 2
    virUnrefConnect:145 : unref connection 0x917650 1
    virUnrefDomain:276 : unref domain 0x7f4ec4004060 ucs32-64-segv 1
    virReleaseDomain:246 : unref connection 0x917650 1

Notice that there are two lines for "unref connection ... 1"!

My gut feeling is that libvirt should also increment the reference counter for internal references to delay freeing still-used data and add a second counter to track external references, which is used to start closing down things.

Comments and ideas welcomed.

We're tracking this as <https://forge.univention.org/bugzilla/show_bug.cgi?id=31032>

Sincerely
Philipp
-- 
Philipp Hahn
Open Source Software Engineer
Univention GmbH
be open.
Mary-Somerville-Str. 1
D-28359 Bremen
Tel.: +49 421 22232-0
Fax : +49 421 22232-99
hahn@univention.de
http://www.univention.de/
Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876
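The lifecycle Philipp describes, and the two-counter scheme he proposes, as an added toy model (not libvirt code, not part of the original mail): a connection object, an event handle that stores the connection as its opaque pointer without holding a reference, and an event that is dispatched only after the API user has dropped its last reference. All names (conn_open, conn_unref_pub, conn_unref_int, event_add, event_dispatch, replay) are hypothetical; "freeing" is simulated with state flags so the bug is counted instead of crashing the process, mirroring the post's observation that the freed memory still looks usable.

```c
#include <stdlib.h>
#include <stdio.h>

/* Hypothetical model, not libvirt's real data structures. */
enum state { LIVE, CLOSING, FREED };

struct conn {
    int pub_refs;     /* references held by the API user (virsh) */
    int int_refs;     /* references held internally (event handles) */
    enum state st;
    int dominfo_live; /* internal per-connection data, released with the conn */
    int faults;       /* double-free / stale-pointer detections */
};

struct event { struct conn *opaque; int pending; int holds_ref; };

static struct conn *conn_open(void) {
    struct conn *c = calloc(1, sizeof *c);
    if (!c) abort();
    c->pub_refs = 1;
    c->st = LIVE;
    c->dominfo_live = 1;
    return c;
}

static void release_dominfo(struct conn *c) {
    if (!c->dominfo_live) { c->faults++; return; } /* second free of the same data */
    c->dominfo_live = 0;
}

static void conn_free(struct conn *c) {
    release_dominfo(c);
    c->st = FREED;    /* real code would free(c) here; the bytes stay readable */
}

/* Last public unref starts shutdown; memory is released only when no
 * internal user (event handle) is left either. */
static int conn_unref_pub(struct conn *c) {
    if (c->st == FREED) { c->faults++; return -1; }
    if (--c->pub_refs == 0) {
        c->st = CLOSING;
        if (c->int_refs == 0) conn_free(c);
    }
    return 0;
}

static int conn_unref_int(struct conn *c) {
    if (c->st == FREED) { c->faults++; return -1; }
    if (--c->int_refs == 0 && c->st == CLOSING) conn_free(c);
    return 0;
}

/* hold_ref == 0: opaque pointer only, the pattern the post describes.
 * hold_ref == 1: the handle pins the connection with an internal ref. */
static void event_add(struct event *ev, struct conn *c, int hold_ref) {
    ev->opaque = c;
    ev->pending = 0;
    ev->holds_ref = hold_ref;
    if (hold_ref) c->int_refs++;
}

/* The inotify callback: the stale memory is not checked, it is simply used,
 * so internal data gets released a second time if conn was already freed. */
static int event_dispatch(struct event *ev, int *state_seen) {
    struct conn *c = ev->opaque;
    *state_seen = c->st;
    release_dominfo(c);          /* drop old domain data ... */
    c->dominfo_live = 1;         /* ... and rebuild it from the directory */
    ev->pending = 0;
    return c->faults ? -1 : 0;
}

static void event_remove(struct event *ev) {
    if (ev->holds_ref) conn_unref_int(ev->opaque);
    ev->opaque = NULL;
}

/* Replay "virsh define": open, register the handle, queue an event, drop the
 * last public reference, then let the event loop run. Returns the number
 * of faults; *state_seen receives the connection state at dispatch time. */
static int replay(int hold_ref, int *state_seen) {
    struct conn *c = conn_open();
    struct event ev;
    event_add(&ev, c, hold_ref);
    ev.pending = 1;              /* inotify saw the new domain directory */
    conn_unref_pub(c);           /* virsh drops its last public reference */
    if (ev.pending) event_dispatch(&ev, state_seen);
    event_remove(&ev);
    int faults = c->faults;
    free(c);
    return faults;
}

int main(void) {
    int st;
    printf("opaque only : faults=%d state_at_dispatch=%d\n", replay(0, &st), st);
    printf("internal ref: faults=%d state_at_dispatch=%d\n", replay(1, &st), st);
    return 0;
}
```

In the opaque-only replay the connection is already FREED when the callback runs and the internal data is released twice; with the internal reference the last public unref only moves the connection to CLOSING, the callback runs on live data, and the memory goes away when the handle is removed. A real fix would also deregister the handle on the public-to-CLOSING transition so no further events are queued; the model keeps the already-queued event to show it is now harmless.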