
Bug 1339196

Summary: qemu-kvm (on target host) killed by SIGABRT when migrating a guest from AMD host to Intel host.
Product: Red Hat Enterprise Linux 7 Reporter: Fangge Jin <fjin>
Component: qemu-kvm-rhev Assignee: Dr. David Alan Gilbert <dgilbert>
Status: CLOSED ERRATA QA Contact: Qianqian Zhu <qizhu>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3 CC: chayang, dyuan, fjin, hhan, juzhang, knoel, mrezanin, mzhan, qizhu, virt-maint, yafu, zpeng
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: qemu-kvm-rhev-2.6.0-18.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-07 21:12:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1277679    
Attachments:
Description | Flags
libvirtd log on target host | none
qemu log on target host | none
The mig test file | none

Description Fangge Jin 2016-05-24 11:20:29 UTC
Created attachment 1160986 [details]
libvirtd log on target host

Description of problem:
Migrate a guest from AMD host to Intel host; the qemu process on the target host crashed after the guest memory migration is 100% completed.

Version-Release number of selected component:
libvirt-1.3.4-1.el7.x86_64
qemu-kvm-rhev-2.6.0-3.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Prepare two hosts:
1) AMD host
# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                2
On-line CPU(s) list:   0,1
Thread(s) per core:    1
Core(s) per socket:    2
Socket(s):             1
NUMA node(s):          1
Vendor ID:             AuthenticAMD
CPU family:            15
Model:                 107
Model name:            AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
Stepping:              2
CPU MHz:               2700.000
BogoMIPS:              5411.44
Virtualization:        AMD-V
L1d cache:             64K
L1i cache:             64K
L2 cache:              512K
NUMA node0 CPU(s):     0,1

2) Intel host
# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                8
On-line CPU(s) list:   0-7
Thread(s) per core:    2
Core(s) per socket:    4
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 58
Model name:            Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Stepping:              9
CPU MHz:               3199.585
BogoMIPS:              6784.63
Virtualization:        VT-x
L1d cache:             32K
L1i cache:             32K
L2 cache:              256K
L3 cache:              8192K
NUMA node0 CPU(s):     0-7

2. Compute cpu baseline:
On both hosts, get the host cpu capabilities with "virsh capabilities", copy the capabilities->host->cpu part of the output into a file (remove the Vendor line), and compute the cpu baseline of the two hosts:
# cat /tmp/cpubase
    <cpu>
      <arch>x86_64</arch>
      <model>Opteron_G2</model>
      <topology sockets='1' cores='2' threads='1'/>
      <feature name='3dnowprefetch'/>
      <feature name='cr8legacy'/>
      <feature name='extapic'/>
      <feature name='cmp_legacy'/>
      <feature name='3dnow'/>
      <feature name='3dnowext'/>
      <feature name='fxsr_opt'/>
      <feature name='mmxext'/>
      <feature name='ht'/>
      <feature name='vme'/>
      <pages unit='KiB' size='4'/>
      <pages unit='KiB' size='2048'/>
    </cpu>
   <cpu>
      <arch>x86_64</arch>
      <model>IvyBridge</model>
      <topology sockets='1' cores='4' threads='2'/>
      <feature name='invtsc'/>
      <feature name='osxsave'/>
      <feature name='pcid'/>
      <feature name='pdcm'/>
      <feature name='xtpr'/>
      <feature name='tm2'/>
      <feature name='est'/>
      <feature name='smx'/>
      <feature name='vmx'/>
      <feature name='ds_cpl'/>
      <feature name='monitor'/>
      <feature name='dtes64'/>
      <feature name='pbe'/>
      <feature name='tm'/>
      <feature name='ht'/>
      <feature name='ss'/>
      <feature name='acpi'/>
      <feature name='ds'/>
      <pages unit='KiB' size='4'/>
      <pages unit='KiB' size='2048'/>
    </cpu>

# virsh cpu-baseline /tmp/cpubase
<cpu mode='custom' match='exact'>
  <model fallback='allow'>cpu64-rhel6</model>
  <feature policy='require' name='rdtscp'/>
  <feature policy='require' name='ht'/>
  <feature policy='require' name='vme'/>
</cpu>

3. On AMD host, prepare a guest whose cpu element is the same as the output of "virsh cpu-baseline /tmp/cpubase"
# virsh start rhel7.2

4. Migrate the guest to Intel host:
# virsh migrate rhel7.2 qemu+ssh://10.66.6.200/system --live --verbose
root.6.200's password:
root.6.200's password:
Migration: [100 %]error: internal error: early end of file from monitor, possible problem: warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.abm [bit 5]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.sse4a [bit 6]
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.abm [bit 5]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.sse4a [bit 6]
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.abm [bit 5]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.sse4a [bit 6]
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.abm [bit 5]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.sse4a [bit 6]
main_channel_lin

5. Check the qemu log on target host:
2016-05-24T08:19:42.168724Z qemu-kvm: warning: TSC frequency mismatch between VM and host, and TSC scaling unavailable
qemu-kvm: /builddir/build/BUILD/qemu-2.6.0/target-i386/kvm.c:1713: kvm_put_msrs: Assertion `ret == n' failed.

6. If I start the guest on the Intel host and then migrate it to the AMD host, the migration succeeds. Migrating the guest back to AMD host also succeeds.

Actual results:
qemu-kvm (on target host) killed by SIGABRT

Expected results:
Migration succeeds from AMD host to Intel host.


Additional info:
The traceback of the crashed qemu process:
(gdb) t a a bt

Thread 10 (Thread 0x7f10bf807700 (LWP 19409)):
#0  0x00007f10c92a296d in nanosleep () from /lib64/libpthread.so.0
#1  0x00007f10c873da98 in g_usleep () from /lib64/libglib-2.0.so.0
#2  0x00007f10cff08e4c in call_rcu_thread (opaque=<optimized out>) at util/rcu.c:245
#3  0x00007f10c929bdc5 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f10c79d91cd in clone () from /lib64/libc.so.6

Thread 9 (Thread 0x7f10cfa54c40 (LWP 19373)):
#0  0x00007f10c929f6d5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f10cfefa699 in qemu_cond_wait (cond=cond@entry=0x7f10d046a840 <qemu_work_cond>, mutex=mutex@entry=0x7f10d046a940 <qemu_global_mutex>) at util/qemu-thread-posix.c:123
#2  0x00007f10cfc61b4e in run_on_cpu (cpu=<optimized out>, func=<optimized out>, data=<optimized out>) at /usr/src/debug/qemu-2.6.0/cpus.c:940
#3  0x00007f10cfc70f1f in kvm_cpu_synchronize_post_init (cpu=cpu@entry=0x7f10d2b84000) at /usr/src/debug/qemu-2.6.0/kvm-all.c:1820
#4  0x00007f10cfc6195a in cpu_synchronize_post_init (cpu=<optimized out>) at /usr/src/debug/qemu-2.6.0/include/sysemu/kvm.h:469
#5  cpu_synchronize_all_post_init () at /usr/src/debug/qemu-2.6.0/cpus.c:729
#6  0x00007f10cfc8a18e in qemu_loadvm_state (f=f@entry=0x7f10d22b0000) at /usr/src/debug/qemu-2.6.0/migration/savevm.c:2029
#7  0x00007f10cfe13f0b in process_incoming_migration_co (opaque=0x7f10d22b0000) at migration/migration.c:385
#8  0x00007f10cff09a8a in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at util/coroutine-ucontext.c:78
#9  0x00007f10c792a110 in ?? () from /lib64/libc.so.6
#10 0x00007fff8165a4b0 in ?? ()
#11 0x0000000000000000 in ?? ()

Thread 8 (Thread 0x7f10945fe700 (LWP 19490)):
#0  0x00007f10c929f6d5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f10cfefa699 in qemu_cond_wait (cond=cond@entry=0x7f10d2296918, mutex=mutex@entry=0x7f10d22968f0) at util/qemu-thread-posix.c:123
#2  0x00007f10cfc83ca9 in do_data_decompress (opaque=0x7f10d22968e8) at /usr/src/debug/qemu-2.6.0/migration/ram.c:2195
#3  0x00007f10c929bdc5 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f10c79d91cd in clone () from /lib64/libc.so.6

Thread 7 (Thread 0x7f10bc3ff700 (LWP 19431)):
#0  0x00007f10c929f6d5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f10cfefa699 in qemu_cond_wait (cond=<optimized out>, mutex=mutex@entry=0x7f10d046a940 <qemu_global_mutex>) at util/qemu-thread-posix.c:123
#2  0x00007f10cfc61f13 in qemu_kvm_wait_io_event (cpu=<optimized out>) at /usr/src/debug/qemu-2.6.0/cpus.c:1030
#3  qemu_kvm_cpu_thread_fn (arg=<optimized out>) at /usr/src/debug/qemu-2.6.0/cpus.c:1069
#4  0x00007f10c929bdc5 in start_thread () from /lib64/libpthread.so.0
#5  0x00007f10c79d91cd in clone () from /lib64/libc.so.6

Thread 6 (Thread 0x7f10bbbfe700 (LWP 19433)):
#0  0x00007f10c929f6d5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f10cfefa699 in qemu_cond_wait (cond=<optimized out>, mutex=mutex@entry=0x7f10d046a940 <qemu_global_mutex>) at util/qemu-thread-posix.c:123
#2  0x00007f10cfc61f13 in qemu_kvm_wait_io_event (cpu=<optimized out>) at /usr/src/debug/qemu-2.6.0/cpus.c:1030
#3  qemu_kvm_cpu_thread_fn (arg=<optimized out>) at /usr/src/debug/qemu-2.6.0/cpus.c:1069
#4  0x00007f10c929bdc5 in start_thread () from /lib64/libpthread.so.0
#5  0x00007f10c79d91cd in clone () from /lib64/libc.so.6

Thread 5 (Thread 0x7f1095fff700 (LWP 19443)):
#0  0x00007f10c79ceb7d in poll () from /lib64/libc.so.6
#1  0x00007f10ca704107 in red_worker_main () from /lib64/libspice-server.so.1
#2  0x00007f10c929bdc5 in start_thread () from /lib64/libpthread.so.0
#3  0x00007f10c79d91cd in clone () from /lib64/libc.so.6

Thread 4 (Thread 0x7f10bdc02700 (LWP 19426)):
#0  0x00007f10c92a1870 in sem_timedwait () from /lib64/libpthread.so.0
#1  0x00007f10cfefa7e7 in qemu_sem_timedwait (sem=sem@entry=0x7f10d2272888, ms=ms@entry=10000) at util/qemu-thread-posix.c:245
#2  0x00007f10cfe615fc in worker_thread (opaque=0x7f10d2272820) at thread-pool.c:92
#3  0x00007f10c929bdc5 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f10c79d91cd in clone () from /lib64/libc.so.6

Thread 3 (Thread 0x7f10bcc00700 (LWP 19430)):
#0  0x00007f10c929f6d5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f10cfefa699 in qemu_cond_wait (cond=<optimized out>, mutex=mutex@entry=0x7f10d046a940 <qemu_global_mutex>) at util/qemu-thread-posix.c:123
#2  0x00007f10cfc61f13 in qemu_kvm_wait_io_event (cpu=<optimized out>) at /usr/src/debug/qemu-2.6.0/cpus.c:1030
#3  qemu_kvm_cpu_thread_fn (arg=<optimized out>) at /usr/src/debug/qemu-2.6.0/cpus.c:1069
#4  0x00007f10c929bdc5 in start_thread () from /lib64/libpthread.so.0
#5  0x00007f10c79d91cd in clone () from /lib64/libc.so.6

Thread 2 (Thread 0x7f1094dff700 (LWP 19489)):
#0  0x00007f10c929f6d5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f10cfefa699 in qemu_cond_wait (cond=cond@entry=0x7f10d22968a0, mutex=mutex@entry=0x7f10d2296878) at util/qemu-thread-posix.c:123
#2  0x00007f10cfc83ca9 in do_data_decompress (opaque=0x7f10d2296870) at /usr/src/debug/qemu-2.6.0/migration/ram.c:2195
#3  0x00007f10c929bdc5 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f10c79d91cd in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7f10bd401700 (LWP 19429)):
#0  0x00007f10c79185f7 in raise () from /lib64/libc.so.6
#1  0x00007f10c7919ce8 in abort () from /lib64/libc.so.6
#2  0x00007f10c7911566 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007f10c7911612 in __assert_fail () from /lib64/libc.so.6
#4  0x00007f10cfd2187c in kvm_put_msrs (cpu=cpu@entry=0x7f10d2b84000, level=level@entry=3) at /usr/src/debug/qemu-2.6.0/target-i386/kvm.c:1713
#5  0x00007f10cfd25679 in kvm_arch_put_registers (cpu=cpu@entry=0x7f10d2b84000, level=level@entry=3) at /usr/src/debug/qemu-2.6.0/target-i386/kvm.c:2577
#6  0x00007f10cfc707be in do_kvm_cpu_synchronize_post_init (arg=0x7f10d2b84000) at /usr/src/debug/qemu-2.6.0/kvm-all.c:1814
#7  0x00007f10cfc60382 in qemu_wait_io_event_common (cpu=<optimized out>) at /usr/src/debug/qemu-2.6.0/cpus.c:989
#8  0x00007f10cfc61f2f in qemu_kvm_wait_io_event (cpu=<optimized out>) at /usr/src/debug/qemu-2.6.0/cpus.c:1034
#9  qemu_kvm_cpu_thread_fn (arg=<optimized out>) at /usr/src/debug/qemu-2.6.0/cpus.c:1069
#10 0x00007f10c929bdc5 in start_thread () from /lib64/libpthread.so.0
#11 0x00007f10c79d91cd in clone () from /lib64/libc.so.6

Comment 1 Fangge Jin 2016-05-24 11:21:29 UTC
Created attachment 1160987 [details]
qemu log on target host

Comment 3 Dr. David Alan Gilbert 2016-06-02 18:53:23 UTC
Hi Fangge,
  Can you try something for me on your pair of machines please;

On your AMD box:

/usr/libexec/qemu-kvm -nographic -machine pc-i440fx-rhel7.2.0,accel=kvm,usb=off,vmport=off -cpu cpu64-rhel6,+rdtscp,+ht,+vme -smp 4,sockets=4,cores=1,threads=1

then do ctrl-a c  and you should get a (qemu) prompt; at that prompt issue the command:

(qemu) migrate "exec:cat > /tmp/mig-test-file"

this should write a migration file.  Copy the file over to your Intel box,
and on there do:

/usr/libexec/qemu-kvm -nographic -machine pc-i440fx-rhel7.2.0,accel=kvm,usb=off,vmport=off -cpu cpu64-rhel6,+rdtscp,+ht,+vme -smp 4,sockets=4,cores=1,threads=1 -incoming "exec:cat /tmp/mig-test-file"

If it causes the same SIGABRT then please attach the mig-test-file to this bug.

Thanks,

Dave

Comment 4 Fangge Jin 2016-06-03 05:59:26 UTC
(In reply to Dr. David Alan Gilbert from comment #3)
> Hi Fangge,
>   Can you try something for me on your pair of machines please;
> 
> On your AMD box:
> 
> /usr/libexec/qemu-kvm -nographic -machine pc-i440fx
> rhel7.2.0,accel=kvm,usb=off,vmport=off -cpu cpu64-rhel6,+rdtscp,+ht,+vme
> -smp 4,sockets=4,cores=1,threads=1
> 
> then do ctrl-a c  and you should get a (qemu) prompt; at that prompt issue
> the command:
> 
> (qemu) migrate "exec:cat > /tmp/mig-test-file"
> 

I use the command without -nographic (because with this option, Ctrl-a c can't get a qemu prompt for me) and with -monitor stdio:

# /usr/libexec/qemu-kvm  -machine pc-i440fx-rhel7.2.0,accel=kvm,usb=off,vmport=off -cpu cpu64-rhel6,+rdtscp,+ht,+vme -smp 4,sockets=4,cores=1,threads=1  -monitor stdio
QEMU 2.6.0 monitor - type 'help' for more information
(qemu) warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:EDX.rdtscp [bit 27]
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:EDX.rdtscp [bit 27]
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:EDX.rdtscp [bit 27]
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:EDX.rdtscp [bit 27]
VNC server running on '::1;5900'

(qemu) migrate "exec:cat > /tmp/mig-test-file"
(qemu) 

> this should write a migration file.  Copy the file over to your Intel box,
> and on there do:
> 
> /usr/libexec/qemu-kvm -nographic -machine pc-i440fx
> rhel7.2.0,accel=kvm,usb=off,vmport=off -cpu cpu64-rhel6,+rdtscp,+ht,+vme
> -smp 4,sockets=4,cores=1,threads=1 -incoming "exec:cat /tmp/mig-test-file"
> 
# /usr/libexec/qemu-kvm -machine pc-i440fx-rhel7.2.0,accel=kvm,usb=off,vmport=off -cpu cpu64-rhel6,+rdtscp,+ht,+vme -smp 4,sockets=4,cores=1,threads=1 -incoming "exec:cat /tmp/mig-test-file"
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.abm [bit 5]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.sse4a [bit 6]
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.abm [bit 5]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.sse4a [bit 6]
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.abm [bit 5]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.sse4a [bit 6]
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.abm [bit 5]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.sse4a [bit 6]
VNC server running on '::1;5900'
qemu-kvm: warning: TSC frequency mismatch between VM and host, and TSC scaling unavailable
qemu-kvm: /builddir/build/BUILD/qemu-2.6.0/target-i386/kvm.c:1713: kvm_put_msrs: Assertion `ret == n' failed.
Aborted (core dumped)

> If it causes the same SIGABRT then please attach the mig-test-file to this
> bug.
> 
> Thanks,
> 
> Dave

Comment 5 Fangge Jin 2016-06-03 06:00:10 UTC
Created attachment 1164337 [details]
The mig test file

Comment 6 Dr. David Alan Gilbert 2016-06-03 09:13:54 UTC
Thanks; I can recreate the bug here with that test file on my Intel boxes.

Comment 7 Dr. David Alan Gilbert 2016-06-03 12:36:17 UTC
The problem seems to be MTRRphysMask1 MSR; the value the AMD is saving is 0xffff80000800, the Intel rejects this because it has bits set beyond its physical address space size (36 bits).  I need to understand more what our normal solution is.
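
The condition described in comment 7, as an added C illustration (not QEMU's code and not the fix shipped in the erratum): it checks incoming MTRR mask values against the destination's physical address width, using the 0xffff80000800 value and the 36-bit width from the comment. The struct, the function names, the other two sample MSR values and the count of 8 variable MTRR ranges are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct msr_entry { uint32_t index; uint64_t data; };

/* Bits [phys_bits, 63] are reserved in MTRRphysMaskN on a CPU whose
 * physical address width is phys_bits. */
static uint64_t reserved_high_bits(unsigned phys_bits)
{
    return phys_bits >= 64 ? 0 : ~0ull << phys_bits;
}

/* MTRRphysMaskN are the odd MSRs in 0x200..0x20f (8 variable ranges assumed). */
static int is_mtrr_physmask(uint32_t index)
{
    return index >= 0x200 && index <= 0x20f && (index & 1);
}

/* Model of the destination: accept entries in order, stop at the first MTRR
 * mask with reserved bits set, return how many were accepted. A result
 * smaller than n is the condition the `ret == n` assertion trips on, and
 * the result itself is the position of the offending entry. */
static size_t msrs_accepted(const struct msr_entry *e, size_t n, unsigned phys_bits)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (is_mtrr_physmask(e[i].index) &&
            (e[i].data & reserved_high_bits(phys_bits)))
            break;
    return i;
}

/* Clear the out-of-range bits of every MTRR mask; returns how many changed. */
static size_t clamp_mtrr_masks(struct msr_entry *e, size_t n, unsigned phys_bits)
{
    size_t i, changed = 0;
    for (i = 0; i < n; i++) {
        uint64_t bad = e[i].data & reserved_high_bits(phys_bits);
        if (is_mtrr_physmask(e[i].index) && bad) {
            e[i].data &= ~bad;
            changed++;
        }
    }
    return changed;
}

/* Constructed incoming state; only the 0x203 value comes from comment 7. */
static struct msr_entry sample[] = {
    { 0x202, 0x0000000080000000ull },  /* MTRRphysBase1 (constructed) */
    { 0x203, 0x0000ffff80000800ull },  /* MTRRphysMask1 (value from comment 7) */
    { 0x2ff, 0x0000000000000c06ull },  /* MTRRdefType   (constructed) */
};

int main(void)
{
    size_t n = sizeof(sample) / sizeof(sample[0]);
    size_t ok = msrs_accepted(sample, n, 36);  /* 36 bits: width given in comment 7 */

    if (ok < n)
        printf("rejected: MSR 0x%x = 0x%llx (bits set at or above bit 36)\n",
               (unsigned)sample[ok].index, (unsigned long long)sample[ok].data);

    size_t changed = clamp_mtrr_masks(sample, n, 36);
    ok = msrs_accepted(sample, n, 36);
    printf("clamped %zu mask(s), MSR 0x203 = 0x%llx, accepted %zu of %zu\n",
           changed, (unsigned long long)sample[1].data, ok, n);
    return 0;
}
```

Reporting the offending MSR index and value, rather than asserting on the count, turns an abort of the destination process into a diagnosable migration error.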

Comment 12 Miroslav Rezanina 2016-08-02 15:22:17 UTC
Fix included in qemu-kvm-rhev-2.6.0-18.el7

Comment 14 Qianqian Zhu 2016-09-12 03:27:59 UTC
Reproduced with:
qemu-kvm-rhev-2.6.0-3.el7.x86_64
kernel-3.10.0-495.el7.x86_64

Steps:
1. On AMD host:
# /usr/libexec/qemu-kvm  -machine pc-i440fx-rhel7.2.0,accel=kvm,usb=off,vmport=off -cpu cpu64-rhel6,+rdtscp,+ht,+vme -smp 4,sockets=4,cores=1,threads=1  -monitor stdio  -drive file=/mntnfs/RHEL-Server-7.3-64-virtio-scsi.qcow2,if=none,id=drive-virtio-blk0,format=qcow2,werror=stop,rerror=stop,cache=none -device virtio-scsi-pci,id=virtio-blk0 -device scsi-disk,drive=drive-virtio-blk0,bootindex=0,scsi-id=0,lun=0 -spice port=5930,disable-ticketing -vga qxl -global qxl-vga.vram_size=33554432 -nodefaults
QEMU 2.5.94 monitor - type 'help' for more information
(qemu) warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:EDX.rdtscp [bit 27]
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:EDX.rdtscp [bit 27]
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:EDX.rdtscp [bit 27]
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:EDX.rdtscp [bit 27]
VNC server running on '::1;5900'

(qemu) migrate "exec:cat > /tmp/mig-test-file"

2. On Intel host:
# /usr/libexec/qemu-kvm  -machine pc-i440fx-rhel7.2.0,accel=kvm,usb=off,vmport=off -cpu cpu64-rhel6,+rdtscp,+ht,+vme -smp 4,sockets=4,cores=1,threads=1  -monitor stdio  -drive file=/mntnfs/RHEL-Server-7.3-64-virtio-scsi.qcow2,if=none,id=drive-virtio-blk0,format=qcow2,werror=stop,rerror=stop,cache=none -device virtio-scsi-pci,id=virtio-blk0 -device scsi-disk,drive=drive-virtio-blk0,bootindex=0,scsi-id=0,lun=0 -spice port=5930,disable-ticketing -vga qxl -global qxl-vga.vram_size=33554432 -nodefaults -incoming "exec:cat /tmp/mig-test-file"
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.abm [bit 5]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.sse4a [bit 6]
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.abm [bit 5]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.sse4a [bit 6]
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.abm [bit 5]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.sse4a [bit 6]
warning: host doesn't support requested feature: CPUID.01H:EDX.ht [bit 28]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.abm [bit 5]
warning: host doesn't support requested feature: CPUID.80000001H:ECX.sse4a [bit 6]
VNC server running on '::1;5900'
qemu-kvm: warning: TSC frequency mismatch between VM and host, and TSC scaling unavailable

Result:
Core dump:
qemu-kvm: /builddir/build/BUILD/qemu-2.6.0/target-i386/kvm.c:1713: kvm_put_msrs: Assertion `ret == n' failed.
Aborted (core dumped)

Verified with:
qemu-kvm-rhev-2.6.0-22.el7.x86_64
kernel-3.10.0-495.el7.x86_64

Steps same as above.
Result:
No core dump. Guest works well.

Moving to Verified.

Comment 16 errata-xmlrpc 2016-11-07 21:12:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2673.html