Previously, libvirt has contained a heuristic to determine the limit for maximal memory usage by a qemu process. If the limit was reached, kernel just killed the qemu process and hence the domain was killed as well. This, however, can't be guessed correctly. Never.
Domains were killed randomly.
The heuristic was dropped.
Domains aren't killed by kernel anymore.