wrgsbase misemulated in x86_64-softmmu

qemu revision: cfe4cade054c0e0d00d0185cdc433a9e3ce3e2e4
command: ./qemu-system-x86_64 -m 2048 -nographic -net none -smp 4,threads=2 -machine q35 -kernel zircon.bin -cpu Haswell,+smap,-check -initrd bootdata.bin -append 'TERM=screen kernel.halt-on-panic=true '

On this revision, the VM reports CPUID.07H.0H.EBX[0] = 1.  In this VM, with CR4[16] set to 1, wrgsbase triggers #UD, which mismatches the behavior described in Intel's instruction reference.