Bug 1265903

Description of problem:
Launch win2008r2 guest enable multiqueue;Delete the tap interface in host;then reboot guest,qemu core dumped. 
If disable multiqueue; no this issue

Version-Release number of selected component (if applicable):
host:(AMD)
3.10.0-319.el7.x86_64
qemu-kvm-1.5.3-104.el7.x86_64
guest:
win2008r2

How reproducible:
100%

Steps to Reproduce:
1.Boot guest, cli refer to the additional info.
2..Delete the corresponding tap interface in host:
# ip link delete tap0
3..Try to reboot the guest.


Actual results:
qemu core dumped:
(gdb) bt full
#0  0x00007ffff10e35f7 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007ffff10e4ce8 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007ffff10dc566 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3  0x00007ffff10dc612 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4  0x0000555555756fca in virtio_net_set_queues (n=0x5555577ba7e8) at /usr/src/debug/qemu-1.5.3/hw/net/virtio-net.c:425
        i = 1
#5  0x00005555557571e3 in virtio_net_set_multiqueue (multiqueue=1, n=0x5555577ba7e8) at /usr/src/debug/qemu-1.5.3/hw/net/virtio-net.c:1218
        vdev = 0x5555577ba7e8
        i = <optimized out>
        max = <optimized out>
#6  virtio_net_set_features (vdev=<optimized out>, features=953391139) at /usr/src/debug/qemu-1.5.3/hw/net/virtio-net.c:485
        n = 0x5555577ba7e8
        __func__ = "virtio_net_set_features"
        i = <optimized out>
#7  0x0000555555760f8b in virtio_set_features (vdev=0x5555577ba7e8, val=953391139) at /usr/src/debug/qemu-1.5.3/hw/virtio/virtio.c:852
        qbus = <optimized out>
        __func__ = "virtio_set_features"
        vbusk = 0x555556d0e820
        k = 0x5555577b2500
        supported_features = <optimized out>
        bad = false
#8  0x00005555557657d3 in access_with_adjusted_size (addr=addr@entry=4, value=value@entry=0x7fffe715da88, size=4, access_size_min=<optimized out>, access_size_max=<optimized out>, 
    access=access@entry=0x555555765cf0 <memory_region_write_accessor>, opaque=opaque@entry=0x5555577ba6a8) at /usr/src/debug/qemu-1.5.3/memory.c:365
        access_mask = 4294967295
        access_size = 4
        i = <optimized out>
#9  0x0000555555766a0f in memory_region_iorange_write (iorange=<optimized out>, offset=4, width=4, data=953391139) at /usr/src/debug/qemu-1.5.3/memory.c:440
        mrio = <optimized out>
        mr = 0x5555577ba6a8
        __PRETTY_FUNCTION__ = "memory_region_iorange_write"
#10 0x0000555555764abc in kvm_handle_io (count=1, size=4, direction=1, data=<optimized out>, port=49156) at /usr/src/debug/qemu-1.5.3/kvm-all.c:1523
        i = 0
        ptr = 0x7ffff7ff2000 "#\230\323\070"
#11 kvm_cpu_exec (env=env@entry=0x5555575c0110) at /usr/src/debug/qemu-1.5.3/kvm-all.c:1674
        cpu = 0x5555575c0000
        __func__ = "kvm_cpu_exec"
        run = 0x7ffff7ff1000
        ret = <optimized out>
        run_ret = <optimized out>
#12 0x00005555557173d5 in qemu_kvm_cpu_thread_fn (arg=0x5555575c0110) at /usr/src/debug/qemu-1.5.3/cpus.c:802
        env = 0x5555575c0110
        cpu = 0x5555575c0000
        __func__ = "qemu_kvm_cpu_thread_fn"
        r = <optimized out>
#13 0x00007ffff50f5dc5 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#14 0x00007ffff11a41cd in clone () from /lib64/libc.so.6
---Type <return> to continue, or q <return> to quit---
No symbol table info available.

Expected results:
No core dumped occurs.

Additional info:
/usr/libexec/qemu-kvm \
    -name BRIDGE \
    -S \
    -machine pc,accel=kvm,usb=off \
    -cpu Opteron_G5 \
    -m 4G \
    -realtime mlock=off \
    -smp 4,maxcpus=8 \
    -uuid fbf54917-5866-48f2-b3fb-5ce2ad294d93 \
    -no-user-config \
    -nodefaults \
    -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/rhel7cp1.0.monitor,server,nowait \
    -mon chardev=charmonitor,id=monitor,mode=control \
    -rtc base=utc,driftfix=slew \
    -global kvm-pit.lost_tick_policy=discard \
    -no-hpet \
    -no-shutdown \
    -global PIIX4_PM.disable_s3=1 \
    -global PIIX4_PM.disable_s4=1 \
    -boot strict=on \
    -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x6.0x7 \
    -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x6 \
    -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x6.0x1 \
    -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x6.0x2 \
    -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 \
    -drive file=/home/win2008sn1,snapshot=off,cache=none,if=none,id=drive-virtio-disk0,format=qcow2 \
    -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 \
    -netdev tap,id=hostnet0,vhost=on,queues=4 \
    -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:55:66:77:89:8d,bus=pci.0,addr=0x3,vectors=10,mq=on \
    -chardev pty,id=charserial0 \
    -device isa-serial,chardev=charserial0,id=serial0 \
    -chardev socket,id=charchannel0,path=/var/lib/libvirt/qemu/channel/target/rhel7cp1.0.org.qemu.guest_agent.0,server,nowait \
    -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0 \
    -chardev spicevmc,id=charchannel1,name=vdagent \
    -device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0 \
    -device usb-tablet,id=input0 \
    -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vgamem_mb=16,bus=pci.0,addr=0x2 \
    -chardev spicevmc,id=charredir0,name=usbredir \
    -device usb-redir,chardev=charredir0,id=redir0 \
    -chardev spicevmc,id=charredir1,name=usbredir \
    -device usb-redir,chardev=charredir1,id=redir1 \
    -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 \
    -msg timestamp=on \
    -monitor stdio \
    -qmp tcp:0:4567,server,nowait \
    -drive file=/usr/share/virtio-win/virtio-win.iso,if=none,media=cdrom,id=drive-ide1,format=raw \
    -device ide-drive,bus=ide.0,unit=1,drive=drive-ide1,id=ide1 \
    -vnc 0.0.0.0:1