Description of problem: When a domain with network interface connected to a bridge with macTableManager='libvirt' is paused without libvirt asking for it (e.g., because of an I/O error or at the end of migration) libvirt won't be able to resume it: virsh # resume nest error: Failed to resume domain nest error: error adding fdb entry for vnet0: File exists Version-Release number of selected component (if applicable): libvirt-4.5.0-10.el7 The same bug can also be reproduced with upstream 4.9.0 release. How reproducible: 100% Steps to Reproduce: 1. create a libvirt NAT network with <bridge name='kvm' stp='off' delay='0' macTableManager='libvirt'/> 2. create a domain with an interface connected to the network from step 1 3. start the domain 4. virsh qemu-monitor-command $DOM '{"execute":"stop"}' although unsupported, this is the easiest way to force QEMU to trigger the STOP event; it doesn't matter why the domain is paused except that it must not be done via qemuProcessStopCPUs 5. virsh resume $DOM Actual results: (DOM=nest) error: Failed to resume domain nest error: error adding fdb entry for vnet0: File exists Expected results: Successfully resumed domain. Additional info: The problem is qemuProcessStartCPUs tries to add the interface's MAC address to the bridge's FDB, which fails because the MAC address is already there. Pausing the domain via qemuProcessStopCPUs would have removed the entry. The same bug can even be hit with fake reboot: 1. same as above 2. same as above 3. same as above 4. virsh reboot --mode acpi $DOM The domain will be killed in this case because qemuProcessFakeReboot will fail to resume the CPUs after sending "system_reset" QMP command.
*** This bug has been marked as a duplicate of bug 1603155 ***