[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[qianqiu]

** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #3224
   https://gitlab.com/qemu-project/qemu/-/issues/3224

** Also affects: qemu via
   https://gitlab.com/qemu-project/qemu/-/issues/3224
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  Unknown
Status in qemu package in Ubuntu:
  New

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Bug Watch Updater]

** Changed in: qemu
       Status: Unknown => New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  New

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

** Changed in: qemu (Ubuntu)
     Assignee: (unassigned) => Heinrich Schuchardt (xypron)

** Changed in: qemu (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  New

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

On Ubuntu 26.04 I used a Dockerfile:

# Ubuntu noble-riscv64-20251013
FROM ubuntu:noble@sha256:4fdf0125919d24aec972544669dcd7d6a26a8ad7e6561c73d5549bd6db258ac2

I could log into the container with

docker buildx build --platform linux/riscv64 -t lp2133188:latest .
docker run --platform linux/riscv64 -ti lp2133188:latest /bin/bash

I the created a Dockerfile

# Ubuntu resolute-riscv64-20251101
FROM ubuntu:resolute@sha256:e5bd70f715735ea3e9c95414af38151aaa6619b7393e254852a0a2c879685bb4

I build it with
docker buildx build --platform linux/riscv64 -t lp2133188:latest .

But when trying to log in with
docker run --platform linux/riscv64 -ti lp2133188:latest /bin/bash

But there was no console output

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Launchpad Bug Tracker]

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: qemu (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

Inside the noble image the following extension where shown in
/proc/cpuinfo:

rv64imafdcbvh_zic64b_zicbom_zicbop_zicboz_ziccamoa_ziccif_zicclsm_ziccrse_zicfilp_zicfiss_zicond_zicntr_zicsr_zifencei_zihintntl_zihintpause_zihpm_zimop_zmmul_za64rs_zaamo_zabha_zacas_zalrsc_zama16b_zawrs_zfa_zfbfmin_zfh_zfhmin_zca_zcb_zcd_zcmop_zba_zbb_zbc_zbkb_zbkc_zbkx_zbs_zk_zkn_zknd_zkne_zknh_zkr_zks_zksed_zksh_zkt_ztso_zvbb_zvbc_zve32f_zve32x_zve64f_zve64d_zve64x_zvfbfmin_zvfbfwma_zvfh_zvfhmin_zvkb_zvkg_zvkn_zvknc_zvkned_zvkng_zvknha_zvknhb_zvks_zvksc_zvksed_zvksg_zvksh_zvkt_sdtrig_shcounterenw_sha_shgatpa_shtvala_shvsatpa_shvstvala_shvstvecd_smaia_smcdeleg_smcntrpmf_smcsrind_smepmp_smmpm_smnpm_smstateen_ssaia_ssccfg_ssccptr_sscofpmf_sscounterenw_sscsrind_ssdbltrp_ssnpm_sspm_ssstateen_ssstrict_sstc_sstvala_sstvecd_ssu64xl_supm_smctr_ssctr_svadu_svinval_svnapot_svpbmt_svrsw60t59b_svvptc

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

In the noble Docker container I have been running the following program:


#include <stdio.h>
#include <stdint.h>

#define VECTOR_SIZE 8  // Number of 64-bit elements

void store_vector_values(int64_t* buffer) {
    int64_t values[VECTOR_SIZE] = {0x1000000000000001, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8};

    // Inline assembly to load values into the vector register and store them
    asm volatile (
        "vsetvli t0, zero, e64, m2;"   // Set vector length to 2 elements of 64 bits
        "vle64.v v0, (%0);"            // Load values into vector register v0
        "vse64.v v0, (%1);"            // Store the contents of v0 into the buffer
        :
        : "r"(values), "r"(buffer)     // Input operands
        : "v0", "t0", "memory"         // Clobbered registers
    );
}

int main() {
    int64_t buffer[VECTOR_SIZE] = {0}; // Buffer to store 64-bit values

    for (int i = 0; i < VECTOR_SIZE; i++) {
        printf("buffer[%d] = 0x%lx\n", i, buffer[i]);
    }
    store_vector_values(buffer);

    // Output the stored values for verification
    printf("Stored vector values:\n");
    for (int i = 0; i < VECTOR_SIZE; i++) {
        printf("buffer[%d] = 0x%lx\n", i, buffer[i]);
    }

    return 0;
}

And received this output:

./test
buffer[0] = 0x0
buffer[1] = 0x0
buffer[2] = 0x0
buffer[3] = 0x0
buffer[4] = 0x0
buffer[5] = 0x0
buffer[6] = 0x0
buffer[7] = 0x0
Stored vector values:
buffer[0] = 0x1000000000000001
buffer[1] = 0x2
buffer[2] = 0x3
buffer[3] = 0x4
buffer[4] = 0x0
buffer[5] = 0x0
buffer[6] = 0x0
buffer[7] = 0x0

So it seems that QEMU can emulate the vse64.v instruction. It is not
clear to me why for "m2" four elements are transferred and not two.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

I have created RISC-V containers for Ubuntu 25.04, 25.10, and 26.10 as
follows:

sudo -s

wget http://cdimage.ubuntu.com/ubuntu-base/daily/current/resolute-base-riscv64.tar.gz
cat > Dockerfile_resolute << eof
FROM scratch
ADD resolute-base-riscv64.tar.gz /
CMD ["bash"]
eof
docker build -t lp2133188_resolute -f Dockerfile_resolute .
docker run -ti lp2133188_resolute /bin/bash


wget http://cdimage.ubuntu.com/ubuntu-base/releases/questing/release/ubuntu-base-25.10-base-riscv64.tar.gz
cat > Dockerfile_questing << eof
FROM scratch
ADD ubuntu-base-25.10-base-riscv64.tar.gz /
CMD ["bash"]
eof
docker build -t lp2133188_questing -f Dockerfile_questing .
docker run -ti lp2133188_questing /bin/bash


wget http://cdimage.ubuntu.com/ubuntu-base/releases/plucky/release/ubuntu-base-25.04-base-riscv64.tar.gz
cat > Dockerfile_plucky << eof
FROM scratch
ADD ubuntu-base-25.04-base-riscv64.tar.gz /
CMD ["bash"]
eof
docker build -t lp2133188_plucky -f Dockerfile_plucky .
docker run -ti lp2133188_plucky /bin/bash


In container lp2133188_resolute and lp2133188_questing /root is empty.
No prompt is shown when entering.
export PS1=$ has not effect.

Container lp2133188_plucky shows a console prompt 'root@817acf060fbf:/#'
defined by PS1.

So it seems we removed something between Plucky and Questing that is
needed for a proper console in Docker.

This seems to be the explanation for the observed error

   bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
   
seen in cmake which is not correctly handled.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

I now created Docker images uses debootstrap:

sudo debootstrap --arch riscv64 --foreign resolute chroot/ http://ports.ubuntu.com/ubuntu-ports
sudo chroot chroot /debootstrap/debootstrap --second-stage
cat > Dockerfile_debootstrap_resolute << eof
FROM scratch
ADD chroot/ /
CMD ["bash"]
eof
sudo docker build -t debootstrap_resolute -f Dockerfile_debootstrap_resolute .
sudo docker run -ti debootstrap_resolute /bin/bash

rm -rf chroot/
sudo debootstrap --arch riscv64 --foreign plucky chroot/ http://ports.ubuntu.com/ubuntu-ports
sudo chroot chroot /debootstrap/debootstrap --second-stage
cat > Dockerfile_debootstrap_plucky << eof
FROM scratch
ADD chroot/ /
CMD ["bash"]
eof
sudo docker build -t debootstrap_plucky -f Dockerfile_debootstrap_plucky .
sudo docker run -ti debootstrap_plucky /bin/bash

Again with Resolute no prompt.
With Plucky a proper command line prompt.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

I created a Docker image from out preinstalled RISC-V 26.04 image:

wget https://cdimage.ubuntu.com/ubuntu-server/daily-preinstalled/current/resolute-preinstalled-server-riscv64.img.xz
xz -d resolute-preinstalled-server-riscv64.img.xz
sudo kpartx -a -v resolute-preinstalled-server-riscv64.img
sudo mount /dev/mapper/loop*p1 /mnt
tar --transform "s/^\/mnt//" -czf img_resolute.tgz /mnt
cat > Dockerfile_img_resolute << eof
FROM scratch
ADD img_resolute.tgz /
CMD ["bash"]
eof
sudo docker build -t img_resolute -f Dockerfile_img_resolute .
sudo umount /mnt
sudo kpartx -d -v resolute-preinstalled-server-riscv64.img
sudo docker run -ti img_resolute /bin/bash

Again no command line prompt in the container.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

In the failing Questing and Resolute docker images the tty command
shows:

tty
not a tty

In Plucky I get:

root@2e594bfd4897:/# tty
/dev/pts/0

In both cases I see

mount | grep devpts
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)
devpts on /dev/console type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

I compiled the following program on a riscv64 Ubuntu 26.04 system as
static binary

#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/tty.h>

int main(int argc, char *argv[]) {
    if (argc != 2) {
        fprintf(stderr, "Usage: %s <device>\n", argv[0]);
        return 1;
    }

    // Open the specified device
    int fd = open(argv[1], O_RDONLY);
    if (fd < 0) {
        perror("Failed to open device");
        return 1;
    }

    // Use ioctl to check if the device is a TTY
    struct winsize w;
    if (ioctl(fd, TIOCGWINSZ, &w) == -1) {
        // If ioctl fails, it's not a tty
        perror("Not a terminal (tty) or error occurred");
    } else {
        // If ioctl succeeds, it's a tty
        printf("%s is a terminal (tty).\n", argv[1]);
    }

    // Close the device
    close(fd);
    return 0;
}

I then transferred it to the Ubuntu 26.10 container and executed it:

/tmp/check_tty /dev/pts/0
/dev/pts/0 is a terminal (tty)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

I compiled the following program as static binaries both on Ubuntu 26.04
and Ubuntu 25.04.

#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/tty.h>

int main(int argc, char *argv[]) {
    struct winsize w;
    int fd;

    if (argc != 2) {
        fprintf(stderr, "Usage: %s <device>\n", argv[0]);
        return 1;
    }

    // Open the specified device
    fd = open(argv[1], O_RDONLY);
    if (fd < 0) {
        perror("Failed to open device");
        return 1;
    }

    // Use ioctl to check if the device is a TTY
    printf("Check for TTY via ioctl(TIOCGWINSZ)\n");
    if (ioctl(fd, TIOCGWINSZ, &w) == -1) {
        // If ioctl fails, it's not a tty
        printf("%s is NOT a terminal (tty) or error occurred", argv[1]);
    } else {
        // If ioctl succeeds, it's a tty
        printf("%s is a terminal (tty).\n", argv[1]);
    }

    printf("\nCheck for TTY via isatty()\n");
    // Use isatty() to check if the file descriptor refers to a terminal
    if (isatty(fd)) {
        printf("%s is a terminal (tty).\n", argv[1]);
    } else {
        printf("%s is NOT a terminal (tty).\n", argv[1]);
    }

    // Close the device
    close(fd);
    return 0;
}

The result differs:

Check for TTY via ioctl(TIOCGWINSZ)
/dev/pts/0 is a terminal (tty).

Check for TTY via isatty()
/dev/pts/0 is a terminal (tty).
./check_tty_2604 /dev/pts/0
Check for TTY via ioctl(TIOCGWINSZ)
/dev/pts/0 is a terminal (tty).

Check for TTY via isatty()
/dev/pts/0 is NOT a terminal (tty).

So the proble seems to be in function isatty() which is implemente in
glibc.


glibc 2.41 and 2.42 show the following difference:

2.41:
__tcgetattr (int fd, struct termios *termios_p)
retval = INLINE_SYSCALL (ioctl, 3, fd, TCGETS, &k_termios);

2.42:
__tcgetattr (int fd, struct termios *termios_p)
long int retval = INLINE_SYSCALL_CALL (ioctl, fd, TCGETS2, &k_termios);

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

In the resolute container I get the following output

./check_tcgets_2504 /dev/pts/0
/dev/pts/0 is a terminal (tty) using TCGETS.
/dev/pts/0 is NOT a terminal (tty) using TCGETS2.

with this program

#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/tty.h>                 // For TCGETS2
#include <asm-generic/termbits.h>      // For struct termios2

int main(int argc, char *argv[]) {
    // Check for the correct number of command-line arguments
    if (argc != 2) {
        fprintf(stderr, "Usage: %s <device>\n", argv[0]);
        return 1;
    }

    // Open the specified device
    int fd = open(argv[1], O_RDONLY);
    if (fd < 0) {
        perror("Failed to open device");
        return 1;
    }

    // Check using TCGETS
    struct termios tty;
    if (ioctl(fd, TCGETS, &tty) == 0) {
        printf("%s is a terminal (tty) using TCGETS.\n", argv[1]);
    } else {
        printf("%s is NOT a terminal (tty) using TCGETS.\n", argv[1]);
    }

    // Check using TCGETS2 with struct termios2
    struct termios2 tty2;
    if (ioctl(fd, TCGETS2, &tty2) == 0) {
        printf("%s is a terminal (tty) using TCGETS2.\n", argv[1]);
    } else {
        printf("%s is NOT a terminal (tty) using TCGETS2.\n", argv[1]);
    }

    // Close the device
    close(fd);
    return 0;
}

Something might be wrong in the translation of TCGETS2 in QEMU.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

TCGETS2 is missing in QEMU's linux-user/ioctls.h.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

I hacked up an implementation of TCGETS2, TCSETS2, TCSETSF2, TCSETSW2 in
QEMU and used it ti run the resolute docker images.

A proper implementation will include:

Functions:

in linux-user/syscall.c:
host_to_target_termios2()
target_to_host_termios2()
print_termios2()

Definitions:

in linux-user/syscall.c
#define termios2 host_termios2

in linux-user/syscall_types.h
STRUCT_SPECIAL(termios2) 

in linux-user/ioctls.h:
IOCTL(TCGETS2, IOC_R, MK_PTR(MK_STRUCT(STRUCT_termios2)))
IOCTL(TCSETS2, IOC_W, MK_PTR(MK_STRUCT(STRUCT_termios2)))
IOCTL(TCSETSF2, IOC_W, MK_PTR(MK_STRUCT(STRUCT_termios2)))
IOCTL(TCSETSW2, IOC_W, MK_PTR(MK_STRUCT(STRUCT_termios2)))

in linux-user/user-internals.h:
void print_termios2(void *arg);


With the hacked up qemu-riscv64 I get:

root@b0ee67925b73:/# tty
/dev/pts/0

root@b0ee67925b73:/# cmake --system-information
Illegal instruction        (core dumped) cmake --system-information


Debugging with GDB is not possible:

Reading symbols from cmake...
Reading symbols from /usr/lib/debug/.build-id/ab/670866ae2092b8fb1236f5f740619ad80ab79c.debug...
(gdb) r
Starting program: /usr/bin/cmake --system-information
warning: Error disabling address space randomization: Operation not permitted
warning: Could not trace the inferior process.
warning: ptrace: Function not implemented
During startup program exited with code 127.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

@qianqiu how did you attach GDB to find the cmake failure is related to
a vector instruction?

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

I have split of LP 2133804 for handling the IOCTL issues. Let's leave
the cmake crash in this bug report.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[qianqiu]

@xypron You can set the QEMU_GDB environment variable inside the riscv64
container, then launch the cross-toolchain gdb on your external x86 host
(for example, from Spacemit toolchain
https://archive.spacemit.com/toolchain/spacemit-toolchain-linux-
glibc-x86_64-v1.1.2.tar.xz) to debug RISC-V applications.

Steps:

Inside the RISC-V container:

QEMU_GDB=10000 cmake --system-information
This launches your program with QEMU’s built-in GDB server listening on port 10000.

On your x86 host, start the RISC-V cross GDB:

./spacemit-toolchain-linux-glibc-x86_64-v1.1.2/bin/riscv64-unknown-linux-gnu-gdb
(Standard GDB output...)

Then connect to the remote target:

(gdb) target remote :10000
If the connection times out, check that your container exposes the port, and QEMU is running.

Once connected, run your program. If you hit a SIGILL (illegal
instruction):

Program received signal SIGILL, Illegal instruction.
0x00007fffee44695a in ?? ()
(gdb) bt
#0  0x00007fffee44695a in ?? ()
(gdb) x/16i $pc-32
You observe output like this, including:

=> 0x7fffee44695a:.insn4, 0x0207f0a7
When decoding 0x0207f0a7 with an online RISC-V disassembler (such as AboutRV, https://www.aboutrv.com/tools/disassembler?code=IDB4MDIwN2YwYTc%3D), you find the instruction is:

0x0207f0a7 → vse64.v v1, (a5)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[qianqiu]

The root cause of the invalid instructions is that qemu-user does not correctly handle saving and restoring the vector context when switching signal stack frames. Although community patches addressing this issue exist, they remain unmerged. Details can be found here:
https://lists.nongnu.org/archive/html/qemu-riscv/2025-09/msg00096.html

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

@qianqiu wrote in a mail:

Inside the RISC-V container:
QEMU_GDB=10000 cmake --system-information
This launches your program with QEMU’s built-in GDB server listening on port 10000.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

I can reproduce the issue with cmake and see the debugger indicating the
illegal instruction occurs in cmake when trying to memset() an 8 aligned
buffer.

The following also does a memset() on an 8 aligned buffer but does not
crash:

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>

#define OFFSET 0x8

int main(void) {
        printf("Starting test\n");

        size_t alignment = 128;
        size_t size = 1024;
        char *ptr = NULL;
        char *new_ptr;

        ptr = aligned_alloc(alignment, size);
        if (ptr == NULL) {
                fprintf(stderr, "Memory allocation failed\n");
                return EXIT_FAILURE;
        }

        new_ptr = ptr + OFFSET;
        memset(new_ptr, 0xff, size - OFFSET);
        free(ptr);
        return EXIT_SUCCESS;
}

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

The error can be reproduced outside of Docker:

$ /usr/bin/qemu-riscv64 -L chroot -trace "*,file=trace.out" chroot/usr/bin/cmake --system-information
Illegal instruction        (core dumped) /usr/bin/qemu-riscv64 -L chroot -trace file=trace.out chroot/usr/bin/cmake --system-information

The trace file ends with

...
qemu_mutex_locked taken mutex 0x5555565d9ac0 (tcg/region.c:228)
qemu_mutex_unlock released mutex 0x5555565d9ac0 (tcg/region.c:230)
exec_tb tb:0x7726d1ee9340 pc=0x7726cf50095a
riscv_exception 2 (illegal_instruction) on epc 0x7726cf50095a
qemu_mutex_lock waiting on mutex 0x5555565da718 (cpu-common.c:352)
qemu_mutex_locked taken mutex 0x5555565da718 (cpu-common.c:352)
qemu_mutex_unlock released mutex 0x5555565da718 (cpu-common.c:354)
user_queue_signal env=0x5555565dd100 signal 4
user_handle_signal env=0x5555565dd100 signal 4
user_dump_core_and_abort env=0x5555565dd100 signal 4 (host 4)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

The failure is cause in QEMU function vext_check_store() function
require_align() is invoked.

For the failing instruction the following test is not passed:

/*
 * Vector register should aligned with the passed-in LMUL (EMUL).
 * If LMUL < 0, i.e. fractional LMUL, any vector register is allowed.
 */
static bool require_align(const int8_t val, const int8_t lmul)
{
    return lmul <= 0 || extract32(val, 0, lmul) == 0;
}

I added some debug output for function vext_check_store():

eew = 3 but s->seq = 0.
eew = 3, s->sew = 0, s->lmul = 0
emul = 3 : emul >= -3 && emul <= 3 = 1
require_align(vd = 1, emul = 3) = 0
require_nf(vd = 1, nf = 1, emul = 3) = 1

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

I have now been logging with -d exec.
The error seems always to occur after __vdso_rt_sigreturn

Trace 0: 0x7856cd9ff840 [003411ef/00007856cc13d868/020ea078/00000000]·
Trace 0: 0x7856ccf63640 [003411ef/00007856cc0ebc72/020ea078/00000000]·
Trace 0: 0x7856ccf63a80 [003411ef/00007856cc0ebc62/020ea078/00000000]·
Trace 0: 0x7856ccf63b80 [003411ef/00007856cc0ebc7e/020ea078/00000000]·
Trace 0: 0x7856cda00300 [003411ef/00007856d4e37a4c/020ea078/00000000]·
Trace 0: 0x7856cda007c0 [003411ef/00007856d5dc46cc/020ea078/00000000] __vdso_rt_sigreturn
riscv_tr_init_disas_context: pc: 0x00007856cc10095a, ctx->sew set to 0 
vext_check_store: pc: 0x00007856cc10095a
eew = 3, s->sew = 0, s->lmul = 0
emul = 3 : emul >= -3 && emul <= 3 = 1 
require_align(vd = 1, emul = 3) = 0 
require_nf(vd = 1, nf = 1, emul = 3) = 1 
----------------
IN:·
0x7856cc10095a:  0207f0a7          vse64.v                 v1,(a5)

OUT: [size=64]
  -- guest addr 0x00007856cc10095a + tb prologue 
0x7856ce1bc400:··
OBJD-H: 8b5df085db0f8c29000000c645f401c78570130000a7f00702488d1d3a45f4fd
OBJD-H: 48899d30120000be02000000488bfde86cad7207488d0508ffffffe9d83bc4fe

Trace 0: 0x7856ce1bc400 [003411ef/00007856cc10095a/020ea078/00000000]·

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

setup_sigcontext() only saves integer and floating point registers and
misses out on vector registers and vector state CSRs.

Emulation of the aarch64 architecture saves vector registers in function
target_setup_fpsimd_record() when processing signals.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

The bug being caused by interrupts can explain why the error was only
observed sporadically.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

qianqiu wrote on Gitlab:

This patch (https://lists.nongnu.org/archive/html/qemu-
riscv/2025-09/msg00096.html) has been verified to solve my problem.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

The patch series is also available at
https://lore.kernel.org/qemu-riscv/20250903081417.338515-1-npiggin@gmail.com/

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  Illegal instruction in memset under qemu-user for riscv64

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: Illegal instruction in memset under qemu-user for riscv64

[Heinrich Schuchardt]

** Changed in: qemu (Ubuntu)
    Milestone: None => ubuntu-26.04

** Changed in: qemu (Ubuntu)
     Assignee: Heinrich Schuchardt (xypron) => (unassigned)

** Changed in: qemu (Ubuntu)
   Importance: Medium => High

** Also affects: qemu (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: qemu (Ubuntu Resolute)
   Importance: High
       Status: Confirmed

** Summary changed:

- Illegal instruction in memset under qemu-user for riscv64
+ [SRU] RISC-V vector state not restored by signal handler

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  [SRU] RISC-V vector state not restored by signal handler

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed
Status in qemu source package in Noble:
  New
Status in qemu source package in Plucky:
  New
Status in qemu source package in Questing:
  New
Status in qemu source package in Resolute:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: [SRU] RISC-V vector state not restored by signal handler

[Heinrich Schuchardt]

** Also affects: qemu (Ubuntu Plucky)
   Importance: Undecided
       Status: New

** Also affects: qemu (Ubuntu Noble)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  [SRU] RISC-V vector state not restored by signal handler

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed
Status in qemu source package in Noble:
  New
Status in qemu source package in Plucky:
  New
Status in qemu source package in Questing:
  New
Status in qemu source package in Resolute:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: [SRU] RISC-V vector state not restored by signal handler

[Heinrich Schuchardt]

** Changed in: qemu (Ubuntu Noble)
    Milestone: None => ubuntu-24.04.4

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  [SRU] RISC-V vector state not restored by signal handler

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed
Status in qemu source package in Noble:
  New
Status in qemu source package in Plucky:
  New
Status in qemu source package in Questing:
  New
Status in qemu source package in Resolute:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: [SRU] RISC-V vector state not restored by signal handler

[Utkarsh Gupta]

Ubuntu 25.04 (Plucky Puffin) has reached end of life, so this bug will
not be fixed for that specific release.

** Changed in: qemu (Ubuntu Plucky)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  [SRU] RISC-V vector state not restored by signal handler

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed
Status in qemu source package in Noble:
  New
Status in qemu source package in Plucky:
  Won't Fix
Status in qemu source package in Questing:
  New
Status in qemu source package in Resolute:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: [SRU] RISC-V vector state not restored by signal handler

[Christian Ehrhardt]

Sadly this has gotten stuck upstream, there have been patches and people
willing to test but nothing concluded. We will have to check if/what we
can merge along 10.2 in the next few days or if it has to be a bug-fix
upload afterwards but hopefully before 26.04 release.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  [SRU] RISC-V vector state not restored by signal handler

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed
Status in qemu source package in Noble:
  New
Status in qemu source package in Plucky:
  Won't Fix
Status in qemu source package in Questing:
  New
Status in qemu source package in Resolute:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: [SRU] RISC-V vector state not restored by signal handler

[Heinrich Schuchardt]

The issue is reproducible with 1:10.2.1+ds-1ubuntu2.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  [SRU] RISC-V vector state not restored by signal handler

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed
Status in qemu source package in Noble:
  New
Status in qemu source package in Plucky:
  Won't Fix
Status in qemu source package in Questing:
  New
Status in qemu source package in Resolute:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: [SRU] RISC-V vector state not restored by signal handler

[Launchpad Bug Tracker]

** Merge proposal linked:
   https://code.launchpad.net/~xypron/ubuntu/+source/qemu/+git/qemu/+merge/502458

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  [SRU] RISC-V vector state not restored by signal handler

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed
Status in qemu source package in Noble:
  New
Status in qemu source package in Plucky:
  Won't Fix
Status in qemu source package in Questing:
  New
Status in qemu source package in Resolute:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: [SRU] RISC-V vector state not restored by signal handler

[Heinrich Schuchardt]

QEMU 10.2.1+ds-1ubuntu3~ppa1 currently building in ppa:xypron/qemu solve
the reported issue for me.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  [SRU] RISC-V vector state not restored by signal handler

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed
Status in qemu source package in Noble:
  New
Status in qemu source package in Plucky:
  Won't Fix
Status in qemu source package in Questing:
  New
Status in qemu source package in Resolute:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: [SRU] RISC-V vector state not restored by signal handler

[Jonas Jelten]

** Tags added: server-todo

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  [SRU] RISC-V vector state not restored by signal handler

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed
Status in qemu source package in Noble:
  New
Status in qemu source package in Plucky:
  Won't Fix
Status in qemu source package in Questing:
  New
Status in qemu source package in Resolute:
  Confirmed

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions

[Bug 2133188] Re: [SRU] RISC-V vector state not restored by signal handler

[Hector CAO]

** Also affects: qemu-hwe (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/2133188

Title:
  [SRU] RISC-V vector state not restored by signal handler

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Confirmed
Status in qemu-hwe package in Ubuntu:
  New
Status in qemu source package in Noble:
  New
Status in qemu-hwe source package in Noble:
  New
Status in qemu source package in Plucky:
  Won't Fix
Status in qemu-hwe source package in Plucky:
  New
Status in qemu source package in Questing:
  New
Status in qemu-hwe source package in Questing:
  New
Status in qemu source package in Resolute:
  Confirmed
Status in qemu-hwe source package in Resolute:
  New

Bug description:
  # Title
  qemu-user (qemu-riscv64-static): intermittent Illegal instruction in memset (vse64.v) when running cmake in riscv64 container (Ubuntu 26.04)

  ## Summary
  While running cmake (and other build steps) inside a linux/riscv64 Ubuntu 26.04 container on an x86_64 host using qemu-user (qemu-riscv64-static) registered via binfmt_misc, cmake sometimes crashes with "Illegal instruction (core dumped)" or "died with signal 4". The illegal instruction is observed inside glibc's memset implementation at an instruction that uses RISC-V vector extension (vse64.v). The failure is intermittent (~50% reproducer rate). Using a scalar-only memset (libnovecmem.so via LD_PRELOAD) or running under gdb / enabling QEMU_STRACE significantly reduces or eliminates the failure, which strongly suggests a qemu-user/emulation bug (vector handling / code generation / state corruption), not a cmake bug.

  ## Affects
  - qemu-user qemu-riscv64-static (as packaged in Ubuntu qemu 10.1.0+ds-5ubuntu3)
  - Running in Docker container for riscv64 on x86_64 host via binfmt_misc qemu-user static interpreter

  ## Environment / Context
  - Host CPU: x86_64 (Docker multiarch running qemu-user for riscv64)
  - Host OS：multiple Ubuntu releases (22.04, 24.04, 25.10) 
  - Container image: ubuntu:26.04 for riscv64
  - qemu package used:
    - downloaded .deb from Launchpad: qemu-user_10.1.0+ds-5ubuntu3_amd64.deb and on several Debian qemu-user packages (qemu-user_10.2.0~rc1+ds-1, qemu-user_10.0.6+ds-0+deb13u2). 
    - copied qemu-riscv64 binary into /usr/bin/qemu-riscv64-static inside host and registered via /proc/sys/fs/binfmt_misc/register
  - CMake version used inside container (bootstrap/build may use system-provided cmake binary): cmake 3.x (bootstrapping cmake while building also triggers crash)
  - Reproduction frequency: intermittent, ~50% (can get large variance: several consecutive successes or failures)
  - Observed behavior changes when: LD_PRELOAD libnovecmem.so (scalar memset) — almost completely avoids crash; running under gdb or enabling QEMU_STRACE also makes it much harder to reproduce.
    

  ## Full reproduction steps
  1. On x86_64 host, fetch qemu-user .deb and extract the riscv static binary:
     wget https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu3/+build/31393935/+files/qemu-user_10.1.0+ds-5ubuntu3_amd64.deb
     dpkg-deb -x qemu-user_10.1.0+ds-5ubuntu3_amd64.deb qemu-user_10.1.0+ds-5ubuntu3_amd64
     sudo cp qemu-user_10.1.0+ds-5ubuntu3_amd64/usr/bin/qemu-riscv64 /usr/bin/qemu-riscv64-static

  2. Register qemu-riscv64 with binfmt_misc:
     echo -1 > /proc/sys/fs/binfmt_misc/qemu-riscv64
     echo ':qemu-riscv64:M:0:\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-riscv64-static:POCF' >/proc/sys/fs/binfmt_misc/register

  3. Start riscv64 ubuntu container:
     docker run --platform=linux/riscv64 --name ubuntu26 -itd ubuntu:26.04 bash
     docker exec -it ubuntu26 bash -i

  4. Inside container:
     apt update
     apt install -y build-essential cmake

  5. Reproducer 1:
     cmake --system-information
     -> Often fails with:
        bash: [15: 1 (255)] tcsetattr: Inappropriate ioctl for device
        Illegal instruction (core dumped)

  6. Reproducer 2 (minimal C project):
     Create test_cmake/CMakeLists.txt:
     cmake_minimum_required(VERSION 3.10)
     project(HelloCMake C)
     add_executable(hello main.c)

     Create test_cmake/main.c:
     #include <stdio.h>
     int main() {
         printf("Hello, CMake!\n");
         return 0;
     }

     cd test_cmake
     cmake .
     -> Crash with:
        -- Detecting C compiler ABI info
        bash: line 1:  8489 Illegal instruction        (core dumped) cmake .

  7. Reproducer 3 (rebuild cmake from source inside container):
     apt source cmake
     cd cmake
     apt-get build-dep .
     dpkg-buildpackage -us -uc -b
     -> Bootstrapping error:
        Illegal instruction (core dumped)
        Error when bootstrapping CMake:
        Problem while running initial CMake

  8. Observed crash location (from gdb/QEMU_STRACE when available):
     - Illegal instruction is in memset@@GLIBC_2.27+0x52
     - Faulting instruction: vse64.v v1,(a5)    (RISC-V vector store of 64-bit elements)


  ## Workarounds
  - LD_PRELOAD a scalar-only memset library (libnovecmem.so) to avoid glibc using vectorized memset.
  - Run the failing process under gdb (slower) or enable QEMU_STRACE=1 — both make the failure much less likely.

  Note: The same workload does not reproduce the crash when run under
  qemu-system (full-system emulation). The issue appears specific to
  qemu-user

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/2133188/+subscriptions