I have seen the same or similar bug in a fresh compilation of libxml2 2.7.8. It seems however the crash is not related to generic error function setting, I get it also when I do not call xmlSetGenericErrorFunc() at all.

It seems the segfault appears when some error is reported in a background thread, in my case it was "Namespace prefix %s for %s on %s is not defined\n" reported from xmlParseStartTag2 at parser.c:9191

I was able to avoid the crash by changing the code in function xmlGenericErrorDefaultFunc() to avoid assigning to xmlGenericErrorContext, but using a local variable instead. It seems that xmlGenericErrorContext is a kind of thread-specific pseudovariable, and assigning to it does not really work:

xmlGenericErrorDefaultFunc (ctx=0x0, msg=0x7f9bca75cf43 "namespace ") at error.c:75
75              xmlGenericErrorContext = (void *) stderr;
(gdb) n
77          va_start(args, msg);
(gdb) p stderr
$14 = (struct _IO_FILE *) 0x7f9bdd0d2860
(gdb) p xmlGenericErrorContext
$15 = (void *) 0x7f9bb035fce0

It appears that the just saved value has changed to some garbage, and this is confirmed by vfprintf() a couple of lines later which is attempting to use xmlGenericErrorContext as a FILE* pointer and failing with a segfault.

The original bug about not calling the custom error handler is still present. The error handler has been set in the same background thread.

GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org.
As part of that, we are mass-closing older open tickets in bugzilla.gnome.org
which have not seen updates for a longer time (resources are unfortunately
quite limited so not every ticket can get handled).

If you can still reproduce the situation described in this ticket in a recent
and supported software version, then please follow
  https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines
and create a new ticket at
  https://gitlab.gnome.org/GNOME/libxml2/-/issues/

Thank you for your understanding and your help.