Eval bug: Segmentation fault when loading SmolVLM-500M-Instruct-Q8\_0.gguf on Termux / Android ARM64, only in Termux, not in Prooted ones, other gguf work fine

[Manamama]

Name and Version

When toying with : llama-server -hf ggml-org/SmolVLM-500M-Instruct-GGUF I have discovered the below.

ChatGPT wrote most of it:

---

Segmentation fault when loading SmolVLM-500M-Instruct-Q8_0.gguf on Termux / Android ARM64

Environment:

Device:    MediaTek MT6785V/CD (8-core ARMv8)
OS:        Android 11 aarch64 (via Termux)
Kernel:    4.14.186+
Shell:     bash 5.2.37 (via Termux)
Compiler:  clang 20.1.5 (termux build)
llama.cpp: commit 6b56a646 (build 5453)

Command:

llama-server -m /data/data/com.termux/files/home/.cache/llama.cpp/ggml-org_SmolVLM-500M-Instruct-GGUF_SmolVLM-500M-Instruct-Q8_0.gguf

Result:

...
llama_context: graph splits = 1
common_init_from_params: setting dry_penalty_last_n to ctx_size = 4096
common_init_from_params: warming up the model with an empty run - please wait ... (--no-warmup to disable)

Thread 1 "llama-server" received signal SIGSEGV, Segmentation fault.
0x0000007fbded0d38 in VTT for std::__ndk1::basic_ostringstream<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > () from /data/data/com.termux/files/usr/lib/libc++_shared.so

Behavior:

• Works perfectly with other .gguf files (e.g., TinyLlama, Mistral, Phi2, etc.)
• Only crashes on this model (SmolVLM-500M-Instruct-Q8_0.gguf)
• Reproducible across llama-cli and llama-server, even with --no-warmup
• Works on same hardware when using other quantized GGUF files
• Crashes during warmup, likely during debug/diagnostic logging that internally uses std::ostringstream
• Same binary works for other models, suggesting the issue is data-triggered, not toolchain-related

Hypothesis:

• Likely malformed or corrupted string in tokenizer.chat_template, tokenizer.ggml.tokens, or metadata array, which causes undefined behavior when being streamed via std::ostringstream — maybe due to invalid UTF-8 or a bug in parsing logic.

gguf-dump output shows:

- kv 45: tokenizer.chat_template str = <|im_start|>{% for message in messages %}...
- kv 38: tokenizer.ggml.tokens arr[str,49280]
- kv 40: tokenizer.ggml.merges arr[str,48900]

These are candidates for malformed input that could cause ostringstream to crash at VTT dispatch.

Reproduction confirmed on:

• Fresh install of Termux with no NDK environment interference
• Static vs dynamic libc++ shows no difference
• Changing LD_LIBRARY_PATH, --no-warmup, or thread count has no effect
• Custom C++ ostringstream stress tests work fine under the same environment
• Backtrace isolates crash to the libc++ VTT dispatch, implying corrupt or invalid string metadata usage at runtime

Minimal fix suggestion:

• Add additional sanitization of strings during GGUF metadata parsing, especially in tokenizer fields
• Wrap std::ostringstream << calls with bounds/UTF-8 guards
• Optionally skip/disable metadata printing in warmup when GGUF field count is high

---

Grok AI below:

GGUF File Details:
SmolVLM-500M-Instruct-Q8_0.gguf:
Architecture: llama

Type: model

Metadata: 49 key-value pairs (e.g., llama.block_count=32, context_length=8192, embedding_length=960)

Tensors: 291 (65 F32, 226 Q8_0), 414.86 MiB, 8.50 BPW

Tokenizer: GPT-2 based (smollm preset), 49,280 tokens, 48,900 merges

Base Models: SmolLM2 360M Instruct (HuggingFaceTB), Siglip Base Patch16 512 (Google)

Datasets: The_Cauldron, Docmatix (HuggingFaceM4)

mmproj-SmolVLM-500M-Instruct-Q8_0.gguf (tested separately, also crashes):
Architecture: clip

Type: clip-vision

Metadata: 40 key-value pairs (e.g., clip.vision.image_size=512, patch_size=16, projector_type=idefics3)

Tensors: 198 (mostly Q8_0, some F32), ~98M parameters

Key Tensor: mm.model.fc.weight (12,288 x 960, Q8_0)

Absolute_Zero_Reasoner-Coder-14b.Q2_K.gguf (works without crash):
Architecture: qwen2

Type: model

Metadata: 31 key-value pairs

Tensors: 579 (Q2_K, Q3_K, Q4_K, Q6_K, F32), 5.37 GiB, 3.12 BPW

Additional Context:
The crash occurs only in Termux (Bionic libc), not in a Prooted Debian environment (glibc), suggesting Bionic’s stricter memory alignment or aarch64 optimizations (DOTPROD, FP16_VA, AARCH64_REPACK) expose the issue.

ldd ./llama-server shows dual libc++ linking:

/data/data/com.termux/files/usr/lib/libc++_shared.so
/system/lib64/libc++.so

This may cause ABI conflicts, especially during vision processing (std::ostringstream usage in ggml or metadata logging).

The mmproj file’s idefics3 projector type may have incomplete support in llama.cpp (build 5453), potentially causing memory corruption during CLIP vision initialization.

Testing without the mmproj file (as above) still results in a crash, indicating the issue lies in the main model’s vision-related initialization (likely due to its Siglip base model integration).

Other models (e.g., Absolute_Zero_Reasoner-Coder-14b.Q2_K.gguf) work because they are text-only, bypassing the CLIP vision code path.

Suspected Root Cause:
A bug in llama.cpp’s vision initialization (CLIP architecture, idefics3 projector) causes memory corruption during the warm-up phase, likely in ggml tensor operations or metadata logging using std::ostringstream. This is exacerbated by:
Dual libc++ linking (/data/data/com.termux/files/usr/lib/libc++_shared.so and /system/lib64/libc++.so), causing ABI mismatches.

Bionic libc’s strict memory management on Android (aarch64).

Possible incomplete idefics3 projector support or Q8_0 tensor handling in the CLIP vision path.

Suggested Fix:
Investigate llama.cpp’s CLIP vision initialization (llama_new_context_with_model, common_init_from_params) for buffer overflows or invalid pointer operations, especially in ggml tensor allocation or std::ostringstream usage.

Ensure consistent libc++ linking by rebuilding dependencies (libcurl.so, libomp.so) to use only Termux’s libc++_shared.so.

Verify idefics3 projector support and Q8_0 tensor handling on aarch64 with Bionic libc.

Add memory alignment checks for aarch64 optimizations (DOTPROD, FP16_VA).

Workaround Attempted:
Rebuilding llama.cpp with -DCMAKE_CXX_FLAGS="-nostdlib++ -L/data/data/com.termux/files/usr/lib -lc++_shared" to avoid /system/lib64/libc++.so (did not resolve the issue).

Testing without mmproj file (still crashes, as shown above).

Testing other vision models (e.g., MobileVLM-3B-Q4_K_M.gguf) is pending.

Attachments:
Full llama-server log for SmolVLM-500M-Instruct-Q8_0.gguf (#) (see above)

gguf-dump for SmolVLM-500M-Instruct-Q8_0.gguf (#) (summarized above)

gguf-dump for mmproj-SmolVLM-500M-Instruct-Q8_0.gguf (#) (summarized above)

gguf-dump for Absolute_Zero_Reasoner-Coder-14b.Q2_K.gguf (#) (summarized above)

GDB backtrace (#) (see above)

• my comments , the log:

-- The C compiler identification is Clang 20.1.5
-- The CXX compiler identification is Clang 20.1.5
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /data/data/com.termux/files/usr/bin/clang - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /data/data/com.termux/files/usr/bin/clang++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found Git: /data/data/com.termux/files/usr/bin/git (found version "2.49.0")
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD - Failed
-- Check if compiler accepts -pthread
-- Check if compiler accepts -pthread - yes
-- Found Threads: TRUE
-- ccache found, compilation results will be cached. Disable with GGML_CCACHE=OFF.
-- CMAKE_SYSTEM_PROCESSOR: aarch64
-- Including CPU backend
-- Found OpenMP_C: -fopenmp=libomp (found version "5.1")
-- Found OpenMP_CXX: -fopenmp=libomp (found version "5.1")
-- Found OpenMP: TRUE (found version "5.1")
-- ARM detected
-- Performing Test GGML_COMPILER_SUPPORTS_FP16_FORMAT_I3E
-- Performing Test GGML_COMPILER_SUPPORTS_FP16_FORMAT_I3E - Failed
-- ARM -mcpu not found, -mcpu=native will be used
-- Performing Test GGML_MACHINE_SUPPORTS_dotprod
-- Performing Test GGML_MACHINE_SUPPORTS_dotprod - Success
-- Performing Test GGML_MACHINE_SUPPORTS_i8mm
-- Performing Test GGML_MACHINE_SUPPORTS_i8mm - Failed
-- Performing Test GGML_MACHINE_SUPPORTS_noi8mm
-- Performing Test GGML_MACHINE_SUPPORTS_noi8mm - Success
-- Performing Test GGML_MACHINE_SUPPORTS_sve
-- Performing Test GGML_MACHINE_SUPPORTS_sve - Failed
-- Performing Test GGML_MACHINE_SUPPORTS_nosve
-- Performing Test GGML_MACHINE_SUPPORTS_nosve - Success
-- Performing Test GGML_MACHINE_SUPPORTS_sme
-- Performing Test GGML_MACHINE_SUPPORTS_sme - Failed
-- Performing Test GGML_MACHINE_SUPPORTS_nosme
-- Performing Test GGML_MACHINE_SUPPORTS_nosme - Success
-- ARM feature DOTPROD enabled
-- ARM feature FMA enabled
-- ARM feature FP16_VECTOR_ARITHMETIC enabled
-- Adding CPU backend variant ggml-cpu: -mcpu=native+dotprod+noi8mm+nosve+nosme 
-- Looking for pthread_create in pthreads
-- Looking for pthread_create in pthreads - not found
-- Looking for pthread_create in pthread
-- Looking for pthread_create in pthread - found
-- Found CURL: /data/data/com.termux/files/usr/lib/libcurl.so (found version "8.13.0")
-- Configuring done (15.0s)
-- Generating done (0.8s)
-- Build files have been written to: /data/data/com.termux/files/home/downloads/llama.cpp/build
[  3%] Built target ggml-base
[  9%] Built target ggml-cpu
[ 10%] Built target ggml
[ 21%] Built target llama
[ 21%] Built target build_info
[ 27%] Built target common
...
-- Set non-toolchain portion of runtime path of "/data/data/com.termux/files/usr/bin/llama-export-lora" to ""
-- Installing: /data/data/com.termux/files/usr/lib/libllama.so
-- Set non-toolchain portion of runtime path of "/data/data/com.termux/files/usr/lib/libllama.so" to ""
-- Up-to-date: /data/data/com.termux/files/usr/include/llama.h
-- Up-to-date: /data/data/com.termux/files/usr/include/llama-cpp.h
-- Up-to-date: /data/data/com.termux/files/usr/lib/cmake/llama/llama-config.cmake
-- Up-to-date: /data/data/com.termux/files/usr/lib/cmake/llama/llama-version.cmake
-- Up-to-date: /data/data/com.termux/files/usr/bin/convert_hf_to_gguf.py
-- Up-to-date: /data/data/com.termux/files/usr/lib/pkgconfig/llama.pc
~/downloads/llama.cpp $

so

~/downloads/llama.cpp $ which llama-server
/data/data/com.termux/files/usr/bin/llama-server
~/downloads/llama.cpp $ /data/data/com.termux/files/usr/bin/llama-server
WARNING: linker: Warning: unable to normalize "none" (ignoring)
build: 5453 (6b56a646) with clang version 20.1.5 for aarch64-unknown-linux-android24
system info: n_threads = 8, n_threads_batch = 8, total_threads = 8

and:

~/downloads/llama.cpp $ llama-server -hf ggml-org/SmolVLM-500M-Instruct-GGUF --no-warmup
WARNING: linker: Warning: unable to normalize "none" (ignoring)
curl_perform_with_retry: HEAD https://huggingface.co/ggml-org/SmolVLM-500M-Instruct-GGUF/resolve/main/SmolVLM-500M-Instruct-Q8_0.gguf (attempt 1 of 1)...
common_download_file_single: using cached file: /data/data/com.termux/files/home/.cache/llama.cpp/ggml-org_SmolVLM-500M-Instruct-GGUF_SmolVLM-500M-Instruct-Q8_0.gguf
curl_perform_with_retry: HEAD https://huggingface.co/ggml-org/SmolVLM-500M-Instruct-GGUF/resolve/main/mmproj-SmolVLM-500M-Instruct-Q8_0.gguf (attempt 1 of 1)...
common_download_file_single: using cached file: /data/data/com.termux/files/home/.cache/llama.cpp/ggml-org_SmolVLM-500M-Instruct-GGUF_mmproj-SmolVLM-500M-Instruct-Q8_0.gguf
build: 5453 (6b56a646) with clang version 20.1.5 for aarch64-unknown-linux-android24
system info: n_threads = 8, n_threads_batch = 8, total_threads = 8

system_info: n_threads = 8 (n_threads_batch = 8) / 8 | CPU : NEON = 1 | ARM_FMA = 1 | FP16_VA = 1 | DOTPROD = 1 | LLAMAFILE = 1 | OPENMP = 1 | AARCH64_REPACK = 1 | 

main: binding port with default address family
main: HTTP server is listening, hostname: 127.0.0.1, port: 8080, http threads: 7
main: loading model
srv    load_model: loading model '/data/data/com.termux/files/home/.cache/llama.cpp/ggml-org_SmolVLM-500M-Instruct-GGUF_SmolVLM-500M-Instruct-Q8_0.gguf'
llama_model_loader: loaded meta data with 49 key-value pairs and 291 tensors from /data/data/com.termux/files/home/.cache/llama.cpp/ggml-org_SmolVLM-500M-Instruct-GGUF_SmolVLM-500M-Instruct-Q8_0.gguf (version GGUF V3 (latest))
llama_model_loader: Dumping metadata keys/values. Note: KV overrides do not apply in this output.
llama_model_loader: - kv   0:                       general.architecture str              = llama
llama_model_loader: - kv   1:                               general.type str              = model
llama_model_loader: - kv   2:                               general.name str              = SmolVLM 500M Instruct
llama_model_loader: - kv   3:                           general.finetune str              = Instruct
llama_model_loader: - kv   4:                           general.basename str              = SmolVLM
llama_model_loader: - kv   5:                         general.size_label str              = 500M
llama_model_loader: - kv   6:                            general.license str              = apache-2.0
llama_model_loader: - kv   7:                   general.base_model.count u32              = 2
llama_model_loader: - kv   8:                  general.base_model.0.name str              = SmolLM2 360M Instruct
llama_model_loader: - kv   9:          general.base_model.0.organization str              = HuggingFaceTB
llama_model_loader: - kv  10:              general.base_model.0.repo_url str              = https://huggingface.co/HuggingFaceTB/...
llama_model_loader: - kv  11:                  general.base_model.1.name str              = Siglip Base Patch16 512
llama_model_loader: - kv  12:               general.base_model.1.version str              = 512
llama_model_loader: - kv  13:          general.base_model.1.organization str              = Google
llama_model_loader: - kv  14:              general.base_model.1.repo_url str              = https://huggingface.co/google/siglip-...
llama_model_loader: - kv  15:                      general.dataset.count u32              = 2
llama_model_loader: - kv  16:                     general.dataset.0.name str              = The_Cauldron
llama_model_loader: - kv  17:             general.dataset.0.organization str              = HuggingFaceM4
llama_model_loader: - kv  18:                 general.dataset.0.repo_url str              = https://huggingface.co/HuggingFaceM4/...
llama_model_loader: - kv  19:                     general.dataset.1.name str              = Docmatix
llama_model_loader: - kv  20:             general.dataset.1.organization str              = HuggingFaceM4
llama_model_loader: - kv  21:                 general.dataset.1.repo_url str              = https://huggingface.co/HuggingFaceM4/...
llama_model_loader: - kv  22:                               general.tags arr[str,1]       = ["image-text-to-text"]
llama_model_loader: - kv  23:                          general.languages arr[str,1]       = ["en"]
llama_model_loader: - kv  24:                          llama.block_count u32              = 32
llama_model_loader: - kv  25:                       llama.context_length u32              = 8192
llama_model_loader: - kv  26:                     llama.embedding_length u32              = 960
llama_model_loader: - kv  27:                  llama.feed_forward_length u32              = 2560
llama_model_loader: - kv  28:                 llama.attention.head_count u32              = 15
llama_model_loader: - kv  29:              llama.attention.head_count_kv u32              = 5
llama_model_loader: - kv  30:                       llama.rope.freq_base f32              = 100000.000000
llama_model_loader: - kv  31:     llama.attention.layer_norm_rms_epsilon f32              = 0.000010
llama_model_loader: - kv  32:                 llama.attention.key_length u32              = 64
llama_model_loader: - kv  33:               llama.attention.value_length u32              = 64
llama_model_loader: - kv  34:                           llama.vocab_size u32              = 49280
llama_model_loader: - kv  35:                 llama.rope.dimension_count u32              = 64
llama_model_loader: - kv  36:                       tokenizer.ggml.model str              = gpt2
llama_model_loader: - kv  37:                         tokenizer.ggml.pre str              = smollm
llama_model_loader: - kv  38:                      tokenizer.ggml.tokens arr[str,49280]   = ["<|endoftext|>", "<|im_start|>", "<|...
llama_model_loader: - kv  39:                  tokenizer.ggml.token_type arr[i32,49280]   = [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ...
llama_model_loader: - kv  40:                      tokenizer.ggml.merges arr[str,48900]   = ["Ġ t", "Ġ a", "i n", "h e", "Ġ Ġ...
llama_model_loader: - kv  41:                tokenizer.ggml.bos_token_id u32              = 1
llama_model_loader: - kv  42:                tokenizer.ggml.eos_token_id u32              = 49279
llama_model_loader: - kv  43:            tokenizer.ggml.unknown_token_id u32              = 0
llama_model_loader: - kv  44:            tokenizer.ggml.padding_token_id u32              = 2
llama_model_loader: - kv  45:                    tokenizer.chat_template str              = <|im_start|>{% for message in message...
llama_model_loader: - kv  46:            tokenizer.ggml.add_space_prefix bool             = false
llama_model_loader: - kv  47:               general.quantization_version u32              = 2
llama_model_loader: - kv  48:                          general.file_type u32              = 7
llama_model_loader: - type  f32:   65 tensors
llama_model_loader: - type q8_0:  226 tensors
print_info: file format = GGUF V3 (latest)
print_info: file type   = Q8_0
print_info: file size   = 414.86 MiB (8.50 BPW) 
load: special_eos_id is not in special_eog_ids - the tokenizer config may be incorrect
load: special tokens cache size = 145
load: token to piece cache size = 0.3199 MB
print_info: arch             = llama
print_info: vocab_only       = 0
print_info: n_ctx_train      = 8192
print_info: n_embd           = 960
print_info: n_layer          = 32
print_info: n_head           = 15
print_info: n_head_kv        = 5
print_info: n_rot            = 64
print_info: n_swa            = 0
print_info: n_swa_pattern    = 1
print_info: n_embd_head_k    = 64
print_info: n_embd_head_v    = 64
print_info: n_gqa            = 3
print_info: n_embd_k_gqa     = 320
print_info: n_embd_v_gqa     = 320
print_info: f_norm_eps       = 0.0e+00
print_info: f_norm_rms_eps   = 1.0e-05
print_info: f_clamp_kqv      = 0.0e+00
print_info: f_max_alibi_bias = 0.0e+00
print_info: f_logit_scale    = 0.0e+00
print_info: f_attn_scale     = 0.0e+00
print_info: n_ff             = 2560
print_info: n_expert         = 0
print_info: n_expert_used    = 0
print_info: causal attn      = 1
print_info: pooling type     = 0
print_info: rope type        = 0
print_info: rope scaling     = linear
print_info: freq_base_train  = 100000.0
print_info: freq_scale_train = 1
print_info: n_ctx_orig_yarn  = 8192
print_info: rope_finetuned   = unknown
print_info: ssm_d_conv       = 0
print_info: ssm_d_inner      = 0
print_info: ssm_d_state      = 0
print_info: ssm_dt_rank      = 0
print_info: ssm_dt_b_c_rms   = 0
print_info: model type       = 8B
print_info: model params     = 409.25 M
print_info: general.name     = SmolVLM 500M Instruct
print_info: vocab type       = BPE
print_info: n_vocab          = 49280
print_info: n_merges         = 48900
print_info: BOS token        = 1 '<|im_start|>'
print_info: EOS token        = 49279 '<end_of_utterance>'
print_info: EOT token        = 2 '<|im_end|>'
print_info: UNK token        = 0 '<|endoftext|>'
print_info: PAD token        = 2 '<|im_end|>'
print_info: LF token         = 198 'Ċ'
print_info: FIM REP token    = 4 '<reponame>'
print_info: EOG token        = 0 '<|endoftext|>'
print_info: EOG token        = 2 '<|im_end|>'
print_info: EOG token        = 4 '<reponame>'
print_info: EOG token        = 49279 '<end_of_utterance>'
print_info: max token length = 162
load_tensors: loading model tensors, this can take a while... (mmap = true)
load_tensors:   CPU_Mapped model buffer size =   414.86 MiB
...............................................................................
llama_context: constructing llama_context
llama_context: n_seq_max     = 1
llama_context: n_ctx         = 4096
llama_context: n_ctx_per_seq = 4096
llama_context: n_batch       = 2048
llama_context: n_ubatch      = 512
llama_context: causal_attn   = 1
llama_context: flash_attn    = 0
llama_context: freq_base     = 100000.0
llama_context: freq_scale    = 1
llama_context: n_ctx_per_seq (4096) < n_ctx_train (8192) -- the full capacity of the model will not be utilized
llama_context:        CPU  output buffer size =     0.19 MiB
llama_kv_cache_unified:        CPU KV buffer size =   160.00 MiB
llama_kv_cache_unified: size =  160.00 MiB (  4096 cells,  32 layers,  1 seqs), K (f16):   80.00 MiB, V (f16):   80.00 MiB
llama_context:        CPU compute buffer size =   135.51 MiB
llama_context: graph nodes  = 1158
llama_context: graph splits = 1
common_init_from_params: setting dry_penalty_last_n to ctx_size = 4096
Segmentation fault
~/downloads/llama.cpp $ 

Operating systems

Other? (Please let us know in description)

GGML backends

BLAS

Hardware

See above

Models

See above

Problem description & steps to reproduce

See above

First Bad Commit

?

Relevant log output

See above

[Manamama]

Update 2:
Solved, see below.
Update 1:
More ggufs crash now, see below. More or less, about 2 weeks ago the older version used to work.

~/.../external_SD/LLMs $    uname -a
Linux localhost 4.14.186+ #1 SMP PREEMPT Thu Mar 17 16:28:22 CST 2022 aarch64 Android
~/.../external_SD/LLMs $ 

(I may have compiled the newest one against smth weird, granted...)

Ref:

~/.../external_SD/LLMs $ llama-cli -m gemma-3-12b-it-Q2_K_L.gguf -p "Introduce yourself as AI"
WARNING: linker: Warning: unable to normalize "none" (ignoring)
build: 5453 (6b56a646) with clang version 20.1.5 for aarch64-unknown-linux-android24
main: llama backend init
main: load the model and apply lora adapter, if any
llama_model_loader: loaded meta data with 34 key-value pairs and 626 tensors from gemma-3-12b-it-Q2_K_L.gguf (version GGUF V3 (latest))
llama_model_loader: Dumping metadata keys/values. Note: KV overrides do not apply in this output.
llama_model_loader: - kv   0:                       general.architecture str              = gemma3
llama_model_loader: - kv   1:                               general.type str              = model
llama_model_loader: - kv   2:                               general.name str              = Gemma-3-12B-It
llama_model_loader: - kv   3:                       general.quantized_by str              = Unsloth
llama_model_loader: - kv   4:                         general.size_label str              = 12B
llama_model_loader: - kv   5:                           general.repo_url str              = https://huggingface.co/unsloth
llama_model_loader: - kv   6:                      gemma3.context_length u32              = 131072
llama_model_loader: - kv   7:                    gemma3.embedding_length u32              = 3840
llama_model_loader: - kv   8:                         gemma3.block_count u32              = 48
llama_model_loader: - kv   9:                 gemma3.feed_forward_length u32              = 15360
llama_model_loader: - kv  10:                gemma3.attention.head_count u32              = 16
llama_model_loader: - kv  11:    gemma3.attention.layer_norm_rms_epsilon f32              = 0.000001
llama_model_loader: - kv  12:                gemma3.attention.key_length u32              = 256
llama_model_loader: - kv  13:              gemma3.attention.value_length u32              = 256
llama_model_loader: - kv  14:                      gemma3.rope.freq_base f32              = 1000000.000000
llama_model_loader: - kv  15:            gemma3.attention.sliding_window u32              = 1024
llama_model_loader: - kv  16:             gemma3.attention.head_count_kv u32              = 8
llama_model_loader: - kv  17:                   gemma3.rope.scaling.type str              = linear
llama_model_loader: - kv  18:                 gemma3.rope.scaling.factor f32              = 8.000000
llama_model_loader: - kv  19:                       tokenizer.ggml.model str              = llama
llama_model_loader: - kv  20:                         tokenizer.ggml.pre str              = default
llama_model_loader: - kv  21:                      tokenizer.ggml.tokens arr[str,262208]  = ["<pad>", "<eos>", "<bos>", "<unk>", ...
llama_model_loader: - kv  22:                      tokenizer.ggml.scores arr[f32,262208]  = [-1000.000000, -1000.000000, -1000.00...
llama_model_loader: - kv  23:                  tokenizer.ggml.token_type arr[i32,262208]  = [3, 3, 3, 3, 3, 4, 3, 3, 3, 3, 3, 3, ...
llama_model_loader: - kv  24:                tokenizer.ggml.bos_token_id u32              = 2
llama_model_loader: - kv  25:                tokenizer.ggml.eos_token_id u32              = 106
llama_model_loader: - kv  26:            tokenizer.ggml.unknown_token_id u32              = 3
llama_model_loader: - kv  27:            tokenizer.ggml.padding_token_id u32              = 0
llama_model_loader: - kv  28:               tokenizer.ggml.add_bos_token bool             = true
llama_model_loader: - kv  29:               tokenizer.ggml.add_eos_token bool             = false
llama_model_loader: - kv  30:                    tokenizer.chat_template str              = {{ bos_token }}\n{%- if messages[0]['r...
llama_model_loader: - kv  31:            tokenizer.ggml.add_space_prefix bool             = false
llama_model_loader: - kv  32:               general.quantization_version u32              = 2
llama_model_loader: - kv  33:                          general.file_type u32              = 10
llama_model_loader: - type  f32:  289 tensors
llama_model_loader: - type q2_K:  192 tensors
llama_model_loader: - type q3_K:  144 tensors
llama_model_loader: - type q4_K:    1 tensors
print_info: file format = GGUF V3 (latest)
print_info: file type   = Q2_K - Medium
print_info: file size   = 4.19 GiB (3.06 BPW) 
load: special tokens cache size = 6415
load: token to piece cache size = 1.9446 MB
print_info: arch             = gemma3
print_info: vocab_only       = 0
print_info: n_ctx_train      = 131072
print_info: n_embd           = 3840
print_info: n_layer          = 48
print_info: n_head           = 16
print_info: n_head_kv        = 8
print_info: n_rot            = 256
print_info: n_swa            = 1024
print_info: n_swa_pattern    = 6
print_info: n_embd_head_k    = 256
print_info: n_embd_head_v    = 256
print_info: n_gqa            = 2
print_info: n_embd_k_gqa     = 2048
print_info: n_embd_v_gqa     = 2048
print_info: f_norm_eps       = 0.0e+00
print_info: f_norm_rms_eps   = 1.0e-06
print_info: f_clamp_kqv      = 0.0e+00
print_info: f_max_alibi_bias = 0.0e+00
print_info: f_logit_scale    = 0.0e+00
print_info: f_attn_scale     = 6.2e-02
print_info: n_ff             = 15360
print_info: n_expert         = 0
print_info: n_expert_used    = 0
print_info: causal attn      = 1
print_info: pooling type     = 0
print_info: rope type        = 2
print_info: rope scaling     = linear
print_info: freq_base_train  = 1000000.0
print_info: freq_scale_train = 0.125
print_info: n_ctx_orig_yarn  = 131072
print_info: rope_finetuned   = unknown
print_info: ssm_d_conv       = 0
print_info: ssm_d_inner      = 0
print_info: ssm_d_state      = 0
print_info: ssm_dt_rank      = 0
print_info: ssm_dt_b_c_rms   = 0
print_info: model type       = 12B
print_info: model params     = 11.77 B
print_info: general.name     = Gemma-3-12B-It
print_info: vocab type       = SPM
print_info: n_vocab          = 262208
print_info: n_merges         = 0
print_info: BOS token        = 2 '<bos>'
print_info: EOS token        = 106 '<end_of_turn>'
print_info: EOT token        = 106 '<end_of_turn>'
print_info: UNK token        = 3 '<unk>'
print_info: PAD token        = 0 '<pad>'
print_info: LF token         = 248 '<0x0A>'
print_info: EOG token        = 106 '<end_of_turn>'
print_info: max token length = 48
load_tensors: loading model tensors, this can take a while... (mmap = true)
load_tensors:   CPU_Mapped model buffer size =  4293.52 MiB
.........................................................................................
llama_context: constructing llama_context
llama_context: n_seq_max     = 1
llama_context: n_ctx         = 4096
llama_context: n_ctx_per_seq = 4096
llama_context: n_batch       = 2048
llama_context: n_ubatch      = 512
llama_context: causal_attn   = 1
llama_context: flash_attn    = 0
llama_context: freq_base     = 1000000.0
llama_context: freq_scale    = 0.125
llama_context: n_ctx_per_seq (4096) < n_ctx_train (131072) -- the full capacity of the model will not be utilized
llama_context:        CPU  output buffer size =     1.00 MiB
llama_kv_cache_unified_iswa: creating non-SWA KV cache, size = 4096 cells
llama_kv_cache_unified:        CPU KV buffer size =   256.00 MiB
llama_kv_cache_unified: size =  256.00 MiB (  4096 cells,   8 layers,  1 seqs), K (f16):  128.00 MiB, V (f16):  128.00 MiB
llama_kv_cache_unified_iswa: creating     SWA KV cache, size = 3072 cells
llama_kv_cache_unified:        CPU KV buffer size =   960.00 MiB
llama_kv_cache_unified: size =  960.00 MiB (  3072 cells,  40 layers,  1 seqs), K (f16):  480.00 MiB, V (f16):  480.00 MiB
llama_context:        CPU compute buffer size =   519.62 MiB
llama_context: graph nodes  = 2119
llama_context: graph splits = 1
common_init_from_params: KV cache shifting is not supported for this context, disabling KV cache shifting
common_init_from_params: setting dry_penalty_last_n to ctx_size = 4096
common_init_from_params: warming up the model with an empty run - please wait ... (--no-warmup to disable)
Segmentation fault
~/.../external_SD/LLMs $    

It happens late in the process:

llama_kv_cache_unified: layer  29: skipped
llama_kv_cache_unified: layer  30: dev = CPU
llama_kv_cache_unified: layer  31: dev = CPU
llama_kv_cache_unified: layer  32: dev = CPU
llama_kv_cache_unified: layer  33: dev = CPU
llama_kv_cache_unified: layer  34: dev = CPU
llama_kv_cache_unified: layer  35: skipped
llama_kv_cache_unified: layer  36: dev = CPU
llama_kv_cache_unified: layer  37: dev = CPU
llama_kv_cache_unified: layer  38: dev = CPU
llama_kv_cache_unified: layer  39: dev = CPU
llama_kv_cache_unified: layer  40: dev = CPU
llama_kv_cache_unified: layer  41: skipped
llama_kv_cache_unified: layer  42: dev = CPU
llama_kv_cache_unified: layer  43: dev = CPU
llama_kv_cache_unified: layer  44: dev = CPU
llama_kv_cache_unified: layer  45: dev = CPU
llama_kv_cache_unified: layer  46: dev = CPU
llama_kv_cache_unified: layer  47: skipped
llama_kv_cache_unified:        CPU KV buffer size =   960.00 MiB
llama_kv_cache_unified: size =  960.00 MiB (  3072 cells,  40 layers,  1 seqs), K (f16):  480.00 MiB, V (f16):  480.00 MiB
llama_context: enumerating backends
llama_context: backend_ptrs.size() = 1
llama_context: max_nodes = 65536
llama_context: worst-case: n_tokens = 512, n_seqs = 1, n_outputs = 0
llama_context: reserving graph for n_tokens = 512, n_seqs = 1
llama_context: reserving graph for n_tokens = 1, n_seqs = 1
llama_context: reserving graph for n_tokens = 512, n_seqs = 1
llama_context:        CPU compute buffer size =   519.62 MiB
llama_context: graph nodes  = 2119
llama_context: graph splits = 1
common_init_from_params: KV cache shifting is not supported for this context, disabling KV cache shifting
clear_adapter_lora: call
common_init_from_params: setting dry_penalty_last_n to ctx_size = 4096
common_init_from_params: warming up the model with an empty run - please wait ... (--no-warmup to disable)
set_warmup: value = 1
set_warmup: value = 0
Segmentation fault

vs e.g.
llama-cli -m gemma-2b-it-q4_k_m.gguf -p "Introduce yourself as AI" -v , which still works:

...
llama_context: graph nodes  = 673
llama_context: graph splits = 1
clear_adapter_lora: call
common_init_from_params: setting dry_penalty_last_n to ctx_size = 4096
common_init_from_params: warming up the model with an empty run - please wait ... (--no-warmup to disable)
set_warmup: value = 1
set_warmup: value = 0
main: llama threadpool init, n_threads = 8
attach_threadpool: call

system_info: n_threads = 8 (n_threads_batch = 8) / 8 | CPU : NEON = 1 | ARM_FMA = 1 | FP16_VA = 1 | DOTPROD = 1 | LLAMAFILE = 1 | OPENMP = 1 | AARCH64_REPACK = 1 | 

n_ctx: 4096, add_bos: 1
tokenize the prompt
prompt: "Introduce yourself as AI"
tokens: [ '<bos>':2, ' Introduce':119426, ' yourself':5804, ' as':685, ' AI':16481 ]
recalculate the cached logits (check): embd_inp.size() 5, n_matching_session_tokens 0, embd_inp.size() 5, session_tokens.size() 0
sampler seed: 2977104074
sampler params: 
	repeat_last_n = 64, repeat_penalty = 1.000, frequency_penalty = 0.000, presence_penalty = 0.000
	dry_multiplier = 0.000, dry_base = 1.750, dry_allowed_length = 2, dry_penalty_last_n = 4096
	top_k = 40, top_p = 0.950, min_p = 0.050, xtc_probability = 0.000, xtc_threshold = 0.100, typical_p = 1.000, top_n_sigma = -1.000, temp = 0.800
	mirostat = 0, mirostat_lr = 0.100, mirostat_ent = 5.000
sampler chain: logits -> logit-bias -> penalties -> dry -> top-n-sigma -> top-k -> typical -> top-p -> min-p -> xtc -> temp-ext -> dist 
generate: n_ctx = 4096, n_batch = 2048, n_predict = -1, n_keep = 1

embd_inp.size(): 5, n_consumed: 0
 Introduce yourself as AIeval: [ '<bos>':2, ' Introduce':119426, ' yourself':5804, ' as':685, ' AI':16481 ]
n_past = 5
n_remain: -2
 andeval: [ ' and':578 ]
n_past = 6
n_remain: -3
 provideeval: [ ' provide':3658 ]
n_past = 7
n_remain: -4
 aeval: [ ' a':476 ]
n_past = 8
n_remain: -5
 briefeval: [ ' brief':9091 ]
n_past = 9
n_remain: -6
 overvieweval: [ ' overview':23330 ]
n_past = 10
n_remain: -7
 ofeval: [ ' of':576 ]
n_past = 11
...

Update: also this is solved by: apt install llama-cpp-backend-opencl llama-cpp-backend-vulkan llama-cpp, see below.
ver. 2.1

[Manamama]

Update: some very new GGUFs work though:

~/.../external_SD/LLMs $ time llama-cli -m Absolute_Zero_Reasoner-Coder-14b.Q2_K.gguf -no-cnv -p "Introduce yourself as AI"  -t 18 
WARNING: linker: Warning: unable to normalize "none" (ignoring)
build: 5453 (6b56a646) with clang version 20.1.5 for aarch64-unknown-linux-android24
main: llama backend init
main: load the model and apply lora adapter, if any
llama_model_loader: loaded meta data with 31 key-value pairs and 579 tensors from Absolute_Zero_Reasoner-Coder-14b.Q2_K.gguf (version GGUF V3 (latest))
llama_model_loader: Dumping metadata keys/values. Note: KV overrides do not apply in this output.
llama_model_loader: - kv   0:                       general.architecture str              = qwen2
llama_model_loader: - kv   1:                               general.type str              = model
llama_model_loader: - kv   2:                               general.name str              = Absolute_Zero_Reasoner Coder 14b
llama_model_loader: - kv   3:                           general.basename str              = Absolute_Zero_Reasoner-Coder
llama_model_loader: - kv   4:                         general.size_label str              = 14B
llama_model_loader: - kv   5:                          qwen2.block_count u32              = 48
llama_model_loader: - kv   6:                       qwen2.context_length u32              = 32768
llama_model_loader: - kv   7:                     qwen2.embedding_length u32              = 5120
llama_model_loader: - kv   8:                  qwen2.feed_forward_length u32              = 13824
llama_model_loader: - kv   9:                 qwen2.attention.head_count u32              = 40
llama_model_loader: - kv  10:              qwen2.attention.head_count_kv u32              = 8
llama_model_loader: - kv  11:                       qwen2.rope.freq_base f32              = 1000000.000000
llama_model_loader: - kv  12:     qwen2.attention.layer_norm_rms_epsilon f32              = 0.000001
llama_model_loader: - kv  13:                       tokenizer.ggml.model str              = gpt2
llama_model_loader: - kv  14:                         tokenizer.ggml.pre str              = qwen2
llama_model_loader: - kv  15:                      tokenizer.ggml.tokens arr[str,152064]  = ["!", "\"", "#", "$", "%", "&", "'", ...
llama_model_loader: - kv  16:                  tokenizer.ggml.token_type arr[i32,152064]  = [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ...
llama_model_loader: - kv  17:                      tokenizer.ggml.merges arr[str,151387]  = ["Ġ Ġ", "ĠĠ ĠĠ", "i n", "Ġ t",...
llama_model_loader: - kv  18:                tokenizer.ggml.eos_token_id u32              = 151643
llama_model_loader: - kv  19:            tokenizer.ggml.padding_token_id u32              = 151643
llama_model_loader: - kv  20:               tokenizer.ggml.add_bos_token bool             = false
llama_model_loader: - kv  21:                    tokenizer.chat_template str              = {%- for message in messages -%}{{- '\n...
llama_model_loader: - kv  22:               general.quantization_version u32              = 2
llama_model_loader: - kv  23:                          general.file_type u32              = 10
llama_model_loader: - kv  24:                                general.url str              = https://huggingface.co/mradermacher/A...
llama_model_loader: - kv  25:              mradermacher.quantize_version str              = 2
llama_model_loader: - kv  26:                  mradermacher.quantized_by str              = mradermacher
llama_model_loader: - kv  27:                  mradermacher.quantized_at str              = 2025-05-07T00:32:25+02:00
llama_model_loader: - kv  28:                  mradermacher.quantized_on str              = rich1
llama_model_loader: - kv  29:                         general.source.url str              = https://huggingface.co/andrewzh/Absol...
llama_model_loader: - kv  30:                  mradermacher.convert_type str              = hf
llama_model_loader: - type  f32:  241 tensors
llama_model_loader: - type q2_K:  193 tensors
llama_model_loader: - type q3_K:   96 tensors
llama_model_loader: - type q4_K:   48 tensors
llama_model_loader: - type q6_K:    1 tensors
print_info: file format = GGUF V3 (latest)
print_info: file type   = Q2_K - Medium
print_info: file size   = 5.37 GiB (3.12 BPW) 
load: special tokens cache size = 22
load: token to piece cache size = 0.9310 MB
print_info: arch             = qwen2
print_info: vocab_only       = 0
print_info: n_ctx_train      = 32768
print_info: n_embd           = 5120
print_info: n_layer          = 48
print_info: n_head           = 40
print_info: n_head_kv        = 8
print_info: n_rot            = 128
print_info: n_swa            = 0
print_info: n_swa_pattern    = 1
print_info: n_embd_head_k    = 128
print_info: n_embd_head_v    = 128
print_info: n_gqa            = 5
print_info: n_embd_k_gqa     = 1024
print_info: n_embd_v_gqa     = 1024
print_info: f_norm_eps       = 0.0e+00
print_info: f_norm_rms_eps   = 1.0e-06
print_info: f_clamp_kqv      = 0.0e+00
print_info: f_max_alibi_bias = 0.0e+00
print_info: f_logit_scale    = 0.0e+00
print_info: f_attn_scale     = 0.0e+00
print_info: n_ff             = 13824
print_info: n_expert         = 0
print_info: n_expert_used    = 0
print_info: causal attn      = 1
print_info: pooling type     = -1
print_info: rope type        = 2
print_info: rope scaling     = linear
print_info: freq_base_train  = 1000000.0
print_info: freq_scale_train = 1
print_info: n_ctx_orig_yarn  = 32768
print_info: rope_finetuned   = unknown
print_info: ssm_d_conv       = 0
print_info: ssm_d_inner      = 0
print_info: ssm_d_state      = 0
print_info: ssm_dt_rank      = 0
print_info: ssm_dt_b_c_rms   = 0
print_info: model type       = 14B
print_info: model params     = 14.77 B
print_info: general.name     = Absolute_Zero_Reasoner Coder 14b
print_info: vocab type       = BPE
print_info: n_vocab          = 152064
print_info: n_merges         = 151387
print_info: BOS token        = 11 ','
print_info: EOS token        = 151643 '<|endoftext|>'
print_info: EOT token        = 151645 '<|im_end|>'
print_info: PAD token        = 151643 '<|endoftext|>'
print_info: LF token         = 198 'Ċ'
print_info: FIM PRE token    = 151659 '<|fim_prefix|>'
print_info: FIM SUF token    = 151661 '<|fim_suffix|>'
print_info: FIM MID token    = 151660 '<|fim_middle|>'
print_info: FIM PAD token    = 151662 '<|fim_pad|>'
print_info: FIM REP token    = 151663 '<|repo_name|>'
print_info: FIM SEP token    = 151664 '<|file_sep|>'
print_info: EOG token        = 151643 '<|endoftext|>'
print_info: EOG token        = 151645 '<|im_end|>'
print_info: EOG token        = 151662 '<|fim_pad|>'
print_info: EOG token        = 151663 '<|repo_name|>'
print_info: EOG token        = 151664 '<|file_sep|>'
print_info: max token length = 256
load_tensors: loading model tensors, this can take a while... (mmap = true)
load_tensors:   CPU_Mapped model buffer size =  5497.48 MiB
.......................................................................................
llama_context: constructing llama_context
llama_context: n_seq_max     = 1
llama_context: n_ctx         = 4096
llama_context: n_ctx_per_seq = 4096
llama_context: n_batch       = 2048
llama_context: n_ubatch      = 512
llama_context: causal_attn   = 1
llama_context: flash_attn    = 0
llama_context: freq_base     = 1000000.0
llama_context: freq_scale    = 1
llama_context: n_ctx_per_seq (4096) < n_ctx_train (32768) -- the full capacity of the model will not be utilized
llama_context:        CPU  output buffer size =     0.58 MiB
llama_kv_cache_unified:        CPU KV buffer size =   768.00 MiB
llama_kv_cache_unified: size =  768.00 MiB (  4096 cells,  48 layers,  1 seqs), K (f16):  384.00 MiB, V (f16):  384.00 MiB
llama_context:        CPU compute buffer size =   368.01 MiB
llama_context: graph nodes  = 1878
llama_context: graph splits = 1
common_init_from_params: setting dry_penalty_last_n to ctx_size = 4096
common_init_from_params: warming up the model with an empty run - please wait ... (--no-warmup to disable)
main: llama threadpool init, n_threads = 18

system_info: n_threads = 18 (n_threads_batch = 18) / 8 | CPU : NEON = 1 | ARM_FMA = 1 | FP16_VA = 1 | DOTPROD = 1 | LLAMAFILE = 1 | OPENMP = 1 | AARCH64_REPACK = 1 | 

sampler seed: 2031949129
sampler params: 
	repeat_last_n = 64, repeat_penalty = 1.000, frequency_penalty = 0.000, presence_penalty = 0.000
	dry_multiplier = 0.000, dry_base = 1.750, dry_allowed_length = 2, dry_penalty_last_n = 4096
	top_k = 40, top_p = 0.950, min_p = 0.050, xtc_probability = 0.000, xtc_threshold = 0.100, typical_p = 1.000, top_n_sigma = -1.000, temp = 0.800
	mirostat = 0, mirostat_lr = 0.100, mirostat_ent = 5.000
sampler chain: logits -> logit-bias -> penalties -> dry -> top-n-sigma -> top-k -> typical -> top-p -> min-p -> xtc -> temp-ext -> dist 
generate: n_ctx = 4096, n_batch = 2048, n_predict = -1, n_keep = 0

Introduce yourself as AI
 ... 

[slaren]

• Try building with -DLLAMA_SANITIZE_ADDRESS=ON
• Include a full callstack from gdb

[Manamama]

Trying: rm build/CMakeCache.txt && cmake -S . -B build -DLLAMA_CURL=ON -DLLAMA_SANITIZE_ADDRESS=ON && cmake --build build --target install

What does it change?

The below will take half an hour or more, so I will report the results later only:

-- The C compiler identification is Clang 20.1.5
-- The CXX compiler identification is Clang 20.1.5
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /data/data/com.termux/files/usr/bin/clang - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /data/data/com.termux/files/usr/bin/clang++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found Git: /data/data/com.termux/files/usr/bin/git (found version "2.49.0")
-- Using -fsanitize=address
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD
-- Performing Test CMAKE_HAVE_LIBC_PTHREAD - Failed
-- Check if compiler accepts -pthread
-- Check if compiler accepts -pthread - yes
-- Found Threads: TRUE
-- ccache found, compilation results will be cached. Disable with GGML_CCACHE=OFF.
-- CMAKE_SYSTEM_PROCESSOR: aarch64
-- Including CPU backend
-- Found OpenMP_C: -fopenmp=libomp (found version "5.1")
-- Found OpenMP_CXX: -fopenmp=libomp (found version "5.1")
-- Found OpenMP: TRUE (found version "5.1")
-- ARM detected
-- Performing Test GGML_COMPILER_SUPPORTS_FP16_FORMAT_I3E
-- Performing Test GGML_COMPILER_SUPPORTS_FP16_FORMAT_I3E - Failed
-- ARM -mcpu not found, -mcpu=native will be used
-- Performing Test GGML_MACHINE_SUPPORTS_dotprod
-- Performing Test GGML_MACHINE_SUPPORTS_dotprod - Success
-- Performing Test GGML_MACHINE_SUPPORTS_i8mm
-- Performing Test GGML_MACHINE_SUPPORTS_i8mm - Failed
-- Performing Test GGML_MACHINE_SUPPORTS_noi8mm
-- Performing Test GGML_MACHINE_SUPPORTS_noi8mm - Success
-- Performing Test GGML_MACHINE_SUPPORTS_sve
-- Performing Test GGML_MACHINE_SUPPORTS_sve - Failed
-- Performing Test GGML_MACHINE_SUPPORTS_nosve
-- Performing Test GGML_MACHINE_SUPPORTS_nosve - Success
-- Performing Test GGML_MACHINE_SUPPORTS_sme
-- Performing Test GGML_MACHINE_SUPPORTS_sme - Failed
-- Performing Test GGML_MACHINE_SUPPORTS_nosme
-- Performing Test GGML_MACHINE_SUPPORTS_nosme - Success
-- ARM feature DOTPROD enabled
-- ARM feature FMA enabled
-- ARM feature FP16_VECTOR_ARITHMETIC enabled
-- Adding CPU backend variant ggml-cpu: -mcpu=native+dotprod+noi8mm+nosve+nosme 
-- Looking for pthread_create in pthreads
-- Looking for pthread_create in pthreads - not found
-- Looking for pthread_create in pthread
-- Looking for pthread_create in pthread - found
-- Found CURL: /data/data/com.termux/files/usr/lib/libcurl.so (found version "8.13.0")
-- Configuring done (20.3s)
-- Generating done (1.0s)
-- Build files have been written to: /data/data/com.termux/files/home/downloads/llama.cpp/build
[  1%] Building C object ggml/src/CMakeFiles/ggml-base.dir/ggml-alloc.c.o
[  1%] Building CXX object ggml/src/CMakeFiles/ggml-base.dir/ggml-backend.cpp.o
...

[slaren]

What does it change?

I enables address sanitizer, which might help find memory corruption issues.

[Manamama]

Hm:

- Installing: /data/data/com.termux/files/usr/lib/libllama.so
-- Set non-toolchain portion of runtime path of "/data/data/com.termux/files/usr/lib/libllama.so" to ""
-- Up-to-date: /data/data/com.termux/files/usr/include/llama.h
-- Up-to-date: /data/data/com.termux/files/usr/include/llama-cpp.h
-- Up-to-date: /data/data/com.termux/files/usr/lib/cmake/llama/llama-config.cmake
-- Up-to-date: /data/data/com.termux/files/usr/lib/cmake/llama/llama-version.cmake
-- Up-to-date: /data/data/com.termux/files/usr/bin/convert_hf_to_gguf.py
-- Up-to-date: /data/data/com.termux/files/usr/lib/pkgconfig/llama.pc
~/downloads/llama.cpp $ 
~/downloads/llama.cpp $ 
~/downloads/llama.cpp $ 
~/downloads/llama.cpp $ 
~/downloads/llama.cpp $ 
~/downloads/llama.cpp $ llama-server -hf ggml-org/SmolVLM-500M-Instruct-GGUF --no-warmup
CANNOT LINK EXECUTABLE "llama-server": cannot locate symbol "__sanitizer_annotate_double_ended_contiguous_container" referenced by "/data/data/com.termux/files/usr/bin/llama-server"...
~/downloads/llama.cpp $ ldd /data/data/com.termux/files/usr/bin/llama-server
	libclang_rt.asan-aarch64-android.so => /system/lib64/libclang_rt.asan-aarch64-android.so
	liblog.so => /system/lib64/liblog.so
	libargp.so => /data/data/com.termux/files/usr/lib/libargp.so
	libm.so => /system/lib64/libm.so
	libc.so => /system/lib64/libc.so
	libcurl.so => /data/data/com.termux/files/usr/lib/libcurl.so
	libllama.so => /data/data/com.termux/files/usr/lib/libllama.so
	libggml.so => /data/data/com.termux/files/usr/lib/libggml.so
	libggml-cpu.so => /data/data/com.termux/files/usr/lib/libggml-cpu.so
	libggml-base.so => /data/data/com.termux/files/usr/lib/libggml-base.so
	libc++_shared.so => /data/data/com.termux/files/usr/lib/libc++_shared.so
	libdl.so => /system/lib64/libdl.so
	ld-android.so => /system/lib64/ld-android.so
	libc++.so => /system/lib64/libc++.so
	libnghttp3.so => /data/data/com.termux/files/usr/lib/libnghttp3.so
	libnghttp2.so => /data/data/com.termux/files/usr/lib/libnghttp2.so
	libssh2.so => /data/data/com.termux/files/usr/lib/libssh2.so
	libssl.so.3 => /data/data/com.termux/files/usr/lib/libssl.so.3
	libcrypto.so.3 => /data/data/com.termux/files/usr/lib/libcrypto.so.3
	libz.so.1 => /data/data/com.termux/files/usr/lib/libz.so.1
~/downloads/llama.cpp $ 

as:

/downloads/llama.cpp $ gdb --args llama-cli -hf ggml-org/SmolVLM-500M-Instruct-GGUF
GNU gdb (GDB) 15.2
Copyright (C) 2024 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "aarch64-linux-android".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from llama-cli...
(gdb) run
Starting program: /data/data/com.termux/files/usr/bin/llama-cli -hf ggml-org/SmolVLM-500M-Instruct-GGUF
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/data/data/com.termux/files/usr/lib/libthread_db.so".
CANNOT LINK EXECUTABLE "/data/data/com.termux/files/usr/bin/llama-cli": cannot locate symbol "__sanitizer_annotate_double_ended_contiguous_container" referenced by "/data/data/com.termux/files/usr/bin/llama-cli"...
[Inferior 1 (process 17351) exited with code 01]
(gdb) 

Grok's analysis:

Analysis
Key Observations from locate libclang_rt.asan
The output shows:
Termux provides ASan runtimes in /data/data/com.termux/files/usr/lib/clang/20/lib/linux/ for multiple architectures, including:
libclang_rt.asan-aarch64-android.so (shared library, suitable for your aarch64 CPU).

libclang_rt.asan-aarch64-android.a (static library).

Variants like libclang_rt.asan_cxx-aarch64-android.a (for C++-specific ASan features).

Additional ASan libraries exist in /data/data/com.termux/files/usr/opt/ndk-multilib/cross-compiler-rt/, likely from an Android NDK installation, which may cause confusion in the linker.

The ldd output from your previous message shows llama-server links to /system/lib64/libclang_rt.asan-aarch64-android.so, which is Android’s system ASan library and likely incompatible with Clang 20.1.5 (missing the __sanitizer_annotate_double_ended_contiguous_container symbol).

Why the Wrong ASan Library is Used
The linker prioritizes /system/lib64/libclang_rt.asan-aarch64-android.so over Termux’s /data/data/com.termux/files/usr/lib/clang/20/lib/linux/libclang_rt.asan-aarch64-android.so due to:
Linker Search Path:
Android’s dynamic linker (ld-android.so) includes /system/lib64 in its default search path, which takes precedence over Termux’s paths unless explicitly overridden.

CMake may not be correctly configuring the linker to prioritize Termux’s ASan library.

CMake Configuration:
The CMake command (cmake -S . -B build -DLLAMA_CURL=ON -DLLAMA_SANITIZE_ADDRESS=ON) enables ASan but doesn’t explicitly specify the ASan runtime path. Clang’s default behavior on Android may pull the system’s ASan library.

...

Grok advises below, which I am trying now:

cd ~/downloads/llama.cpp
rm -rf build
mkdir build && cd build
cmake -S .. -B . -DLLAMA_CURL=ON -DLLAMA_SANITIZE_ADDRESS=ON \
  -DCMAKE_C_FLAGS="-fsanitize=address -I/data/data/com.termux/files/usr/include" \
  -DCMAKE_CXX_FLAGS="-fsanitize=address -I/data/data/com.termux/files/usr/include" \
  -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address -L/data/data/com.termux/files/usr/lib/clang/20/lib/linux -lclang_rt.asan-aarch64-android" \
  -DLLAMA_NATIVE=ON ..
rm /data/data/com.termux/files/usr/bin/llama-server

make install

which has not helped to avoid:

llama-server -hf ggml-org/SmolVLM-500M-Instruct-GGUF                              CANNOT LINK EXECUTABLE "llama-server": cannot locate symbol "__sanitizer_annotate_double_ended_contiguous_container" referenced by "/data/data/com.termux/files/usr/bin/llama-server"...

Ver 1.3

[slaren]

If address sanitizer doesn't work on termux, a full call stack from gdb with a debug build would still be useful.

[Manamama]

Voila, I have used the newest version (git pull):

-- Installing: /data/data/com.termux/files/usr/lib/libllama.so
-- Set non-toolchain portion of runtime path of "/data/data/com.termux/files/usr/lib/libllama.so" to ""
-- Up-to-date: /data/data/com.termux/files/usr/include/llama.h
-- Up-to-date: /data/data/com.termux/files/usr/include/llama-cpp.h
-- Installing: /data/data/com.termux/files/usr/lib/cmake/llama/llama-config.cmake
-- Installing: /data/data/com.termux/files/usr/lib/cmake/llama/llama-version.cmake
-- Up-to-date: /data/data/com.termux/files/usr/bin/convert_hf_to_gguf.py
-- Installing: /data/data/com.termux/files/usr/lib/pkgconfig/llama.pc
~/.../llama.cpp/build $ 
~/.../llama.cpp/build $ 
~/.../llama.cpp/build $ gdb --args llama-server -hf ggml-org/SmolVLM-500M-Instruct-GGUF --no-warmup
(gdb) run
(gdb) bt full
GNU gdb (GDB) 15.2
Copyright (C) 2024 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "aarch64-linux-android".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from llama-server...
(gdb) run
Starting program: /data/data/com.termux/files/usr/bin/llama-server -hf ggml-org/SmolVLM-500M-Instruct-GGUF --no-warmup
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/data/data/com.termux/files/usr/lib/libthread_db.so".

\register_backend: registered backend CPU (1 devices)
register_device: registered device CPU (CPU)
[New Thread 0xabe (LWP 2750)]
[Thread 0xabe (LWP 2750) exited]
[New Thread 0xb03 (LWP 2819)]
curl_perform_with_retry: HEAD https://huggingface.co/ggml-org/SmolVLM-500M-Instruct-GGUF/resolve/main/SmolVLM-500M-Instruct-Q8_0.gguf (attempt 1 of 1)...
[New Thread 0xb04 (LWP 2820)]
[Thread 0xb04 (LWP 2820) exited]
[New Thread 0xb2a (LWP 2858)]
[Thread 0xb2a (LWP 2858) exited]
common_download_file_single: using cached file: /data/data/com.termux/files/home/.cache/llama.cpp/ggml-org_SmolVLM-500M-Instruct-GGUF_SmolVLM-500M-Instruct-Q8_0.gguf
curl_perform_with_retry: HEAD https://huggingface.co/ggml-org/SmolVLM-500M-Instruct-GGUF/resolve/main/mmproj-SmolVLM-500M-Instruct-Q8_0.gguf (attempt 1 of 1)...
[New Thread 0xb49 (LWP 2889)]
[Thread 0xb49 (LWP 2889) exited]
[New Thread 0xb74 (LWP 2932)]
[Thread 0xb74 (LWP 2932) exited]
common_download_file_single: using cached file: /data/data/com.termux/files/home/.cache/llama.cpp/ggml-org_SmolVLM-500M-Instruct-GGUF_mmproj-SmolVLM-500M-Instruct-Q8_0.gguf
build: 5470 (b775345d) with clang version 20.1.5 for aarch64-unknown-linux-android24 (debug)
system info: n_threads = 8, n_threads_batch = 8, total_threads = 8

system_info: n_threads = 8 (n_threads_batch = 8) / 8 | CPU : NEON = 1 | ARM_FMA = 1 | FP16_VA = 1 | DOTPROD = 1 | LLAMAFILE = 1 | OPENMP = 1 | AARCH64_REPACK = 1 | 

main: binding port with default address family
[New Thread 0xb88 (LWP 2952)]
[New Thread 0xb89 (LWP 2953)]
main: HTTP server is listening, hostname: 127.0.0.1, port: 8080, http threads: 7
main: loading model
srv    load_model: loading model '/data/data/com.termux/files/home/.cache/llama.cpp/ggml-org_SmolVLM-500M-Instruct-GGUF_SmolVLM-500M-Instruct-Q8_0.gguf'
[New Thread 0xb8a (LWP 2954)]
[New Thread 0xb8b (LWP 2955)]
[New Thread 0xb8c (LWP 2956)]
[New Thread 0xb8d (LWP 2957)]
[New Thread 0xb8e (LWP 2958)]
[New Thread 0xb8f (LWP 2959)]
llama_model_loader: loaded meta data with 49 key-value pairs and 291 tensors from /data/data/com.termux/files/home/.cache/llama.cpp/ggml-org_SmolVLM-500M-Instruct-GGUF_SmolVLM-500M-Instruct-Q8_0.gguf (version GGUF V3 (latest))
llama_model_loader: Dumping metadata keys/values. Note: KV overrides do not apply in this output.
llama_model_loader: - kv   0:                       general.architecture str              = llama
llama_model_loader: - kv   1:                               general.type str              = model
llama_model_loader: - kv   2:                               general.name str              = SmolVLM 500M Instruct
llama_model_loader: - kv   3:                           general.finetune str              = Instruct
llama_model_loader: - kv   4:                           general.basename str              = SmolVLM
llama_model_loader: - kv   5:                         general.size_label str              = 500M
llama_model_loader: - kv   6:                            general.license str              = apache-2.0
llama_model_loader: - kv   7:                   general.base_model.count u32              = 2
llama_model_loader: - kv   8:                  general.base_model.0.name str              = SmolLM2 360M Instruct
llama_model_loader: - kv   9:          general.base_model.0.organization str              = HuggingFaceTB
llama_model_loader: - kv  10:              general.base_model.0.repo_url str              = https://huggingface.co/HuggingFaceTB/...
llama_model_loader: - kv  11:                  general.base_model.1.name str              = Siglip Base Patch16 512
llama_model_loader: - kv  12:               general.base_model.1.version str              = 512
llama_model_loader: - kv  13:          general.base_model.1.organization str              = Google
llama_model_loader: - kv  14:              general.base_model.1.repo_url str              = https://huggingface.co/google/siglip-...
llama_model_loader: - kv  15:                      general.dataset.count u32              = 2
llama_model_loader: - kv  16:                     general.dataset.0.name str              = The_Cauldron
llama_model_loader: - kv  17:             general.dataset.0.organization str              = HuggingFaceM4
llama_model_loader: - kv  18:                 general.dataset.0.repo_url str              = https://huggingface.co/HuggingFaceM4/...
llama_model_loader: - kv  19:                     general.dataset.1.name str              = Docmatix
llama_model_loader: - kv  20:             general.dataset.1.organization str              = HuggingFaceM4
llama_model_loader: - kv  21:                 general.dataset.1.repo_url str              = https://huggingface.co/HuggingFaceM4/...
llama_model_loader: - kv  22:                               general.tags arr[str,1]       = ["image-text-to-text"]
llama_model_loader: - kv  23:                          general.languages arr[str,1]       = ["en"]
llama_model_loader: - kv  24:                          llama.block_count u32              = 32
llama_model_loader: - kv  25:                       llama.context_length u32              = 8192
llama_model_loader: - kv  26:                     llama.embedding_length u32              = 960
llama_model_loader: - kv  27:                  llama.feed_forward_length u32              = 2560
llama_model_loader: - kv  28:                 llama.attention.head_count u32              = 15
llama_model_loader: - kv  29:              llama.attention.head_count_kv u32              = 5
llama_model_loader: - kv  30:                       llama.rope.freq_base f32              = 100000.000000
llama_model_loader: - kv  31:     llama.attention.layer_norm_rms_epsilon f32              = 0.000010
llama_model_loader: - kv  32:                 llama.attention.key_length u32              = 64
llama_model_loader: - kv  33:               llama.attention.value_length u32              = 64
llama_model_loader: - kv  34:                           llama.vocab_size u32              = 49280
llama_model_loader: - kv  35:                 llama.rope.dimension_count u32              = 64
llama_model_loader: - kv  36:                       tokenizer.ggml.model str              = gpt2
llama_model_loader: - kv  37:                         tokenizer.ggml.pre str              = smollm
llama_model_loader: - kv  38:                      tokenizer.ggml.tokens arr[str,49280]   = ["<|endoftext|>", "<|im_start|>", "<|...
llama_model_loader: - kv  39:                  tokenizer.ggml.token_type arr[i32,49280]   = [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, ...
llama_model_loader: - kv  40:                      tokenizer.ggml.merges arr[str,48900]   = ["Ġ t", "Ġ a", "i n", "h e", "Ġ Ġ...
llama_model_loader: - kv  41:                tokenizer.ggml.bos_token_id u32              = 1
llama_model_loader: - kv  42:                tokenizer.ggml.eos_token_id u32              = 49279
llama_model_loader: - kv  43:            tokenizer.ggml.unknown_token_id u32              = 0
llama_model_loader: - kv  44:            tokenizer.ggml.padding_token_id u32              = 2
llama_model_loader: - kv  45:                    tokenizer.chat_template str              = <|im_start|>{% for message in message...
llama_model_loader: - kv  46:            tokenizer.ggml.add_space_prefix bool             = false
llama_model_loader: - kv  47:               general.quantization_version u32              = 2
llama_model_loader: - kv  48:                          general.file_type u32              = 7
llama_model_loader: - type  f32:   65 tensors
llama_model_loader: - type q8_0:  226 tensors
print_info: file format = GGUF V3 (latest)
print_info: file type   = Q8_0
print_info: file size   = 414.86 MiB (8.50 BPW) 
load: special_eos_id is not in special_eog_ids - the tokenizer config may be incorrect
load: special tokens cache size = 145
load: token to piece cache size = 0.3199 MB
print_info: arch             = llama
print_info: vocab_only       = 0
print_info: n_ctx_train      = 8192
print_info: n_embd           = 960
print_info: n_layer          = 32
print_info: n_head           = 15
print_info: n_head_kv        = 5
print_info: n_rot            = 64
print_info: n_swa            = 0
print_info: is_swa_any       = 0
print_info: n_embd_head_k    = 64
print_info: n_embd_head_v    = 64
print_info: n_gqa            = 3
print_info: n_embd_k_gqa     = 320
print_info: n_embd_v_gqa     = 320
print_info: f_norm_eps       = 0.0e+00
print_info: f_norm_rms_eps   = 1.0e-05
print_info: f_clamp_kqv      = 0.0e+00
print_info: f_max_alibi_bias = 0.0e+00
print_info: f_logit_scale    = 0.0e+00
print_info: f_attn_scale     = 0.0e+00
print_info: n_ff             = 2560
print_info: n_expert         = 0
print_info: n_expert_used    = 0
print_info: causal attn      = 1
print_info: pooling type     = 0
print_info: rope type        = 0
print_info: rope scaling     = linear
print_info: freq_base_train  = 100000.0
print_info: freq_scale_train = 1
print_info: n_ctx_orig_yarn  = 8192
print_info: rope_finetuned   = unknown
print_info: ssm_d_conv       = 0
print_info: ssm_d_inner      = 0
print_info: ssm_d_state      = 0
print_info: ssm_dt_rank      = 0
print_info: ssm_dt_b_c_rms   = 0
print_info: model type       = 8B
print_info: model params     = 409.25 M
print_info: general.name     = SmolVLM 500M Instruct
print_info: vocab type       = BPE
print_info: n_vocab          = 49280
print_info: n_merges         = 48900
print_info: BOS token        = 1 '<|im_start|>'
print_info: EOS token        = 49279 '<end_of_utterance>'
print_info: EOT token        = 2 '<|im_end|>'
print_info: UNK token        = 0 '<|endoftext|>'
print_info: PAD token        = 2 '<|im_end|>'
print_info: LF token         = 198 'Ċ'
print_info: FIM REP token    = 4 '<reponame>'
print_info: EOG token        = 0 '<|endoftext|>'
print_info: EOG token        = 2 '<|im_end|>'
print_info: EOG token        = 4 '<reponame>'
print_info: EOG token        = 49279 '<end_of_utterance>'
print_info: max token length = 162
load_tensors: loading model tensors, this can take a while... (mmap = true)
load_tensors:   CPU_Mapped model buffer size =   414.86 MiB
...............................................................................
llama_context: constructing llama_context
llama_context: n_seq_max     = 1
llama_context: n_ctx         = 4096
llama_context: n_ctx_per_seq = 4096
llama_context: n_batch       = 2048
llama_context: n_ubatch      = 512
llama_context: causal_attn   = 1
llama_context: flash_attn    = 0
llama_context: freq_base     = 100000.0
llama_context: freq_scale    = 1
llama_context: n_ctx_per_seq (4096) < n_ctx_train (8192) -- the full capacity of the model will not be utilized
llama_context:        CPU  output buffer size =     0.19 MiB
llama_kv_cache_unified:        CPU KV buffer size =   160.00 MiB
llama_kv_cache_unified: size =  160.00 MiB (  4096 cells,  32 layers,  1 seqs), K (f16):   80.00 MiB, V (f16):   80.00 MiB
llama_context:        CPU compute buffer size =   135.51 MiB
llama_context: graph nodes  = 1158
llama_context: graph splits = 1
common_init_from_params: setting dry_penalty_last_n to ctx_size = 4096

Thread 1 "llama-server" received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) 
(gdb) \

Grok keeps advising:

cd ~/downloads/llama.cpp
rm -rf build
mkdir build && cd build
cmake -S .. -B . -DLLAMA_CURL=ON -DCMAKE_BUILD_TYPE=Debug \
  -DCMAKE_CXX_FLAGS="-nostdlib++ -L/data/data/com.termux/files/usr/lib -lc++_shared" \
  -DCMAKE_EXE_LINKER_FLAGS="-L/data/data/com.termux/files/usr/lib -lc++_shared"
make install 

but that had not worked, either.

[slaren]

Type bt in gdb after the crash to obtain a full call stack.

[Manamama]

Voila, I hope these be enough:

Thread 1 "llama-server" received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) 
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x0000007fbdbafcc8 in ?? () from /data/data/com.termux/files/usr/lib/libc++_shared.so
#2  0x0000007fbdbaf9bc in ?? () from /data/data/com.termux/files/usr/lib/libc++_shared.so
#3  0x0000007fbdb3c3c8 in ?? () from /data/data/com.termux/files/usr/lib/libc++_shared.so
#4  0x0000007fbdb3c1f4 in __gxx_personality_v0 () from /data/data/com.termux/files/usr/lib/libc++_shared.so
#5  0x0000007fbe0d19e0 in _Unwind_RaiseException_Phase2 () from /apex/com.android.runtime/lib64/bionic/libc.so
#6  0x0000007fbe0d1ee8 in _Unwind_Resume () from /apex/com.android.runtime/lib64/bionic/libc.so
#7  0x0000005555a85938 in minja::Value::call (this=0x7fffff2980, context=..., args=...) at /data/data/com.termux/files/home/downloads/llama.cpp/common/minja/minja.hpp:269
#8  0x0000005555ad1d90 in minja::FilterExpr::do_evaluate (this=0xb400007fbc8380a8, context=...) at /data/data/com.termux/files/home/downloads/llama.cpp/common/minja/minja.hpp:1601
#9  0x0000005555ab5890 in minja::Expression::evaluate (this=0xb400007fbc8380a8, context=...) at /data/data/com.termux/files/home/downloads/llama.cpp/common/minja/minja.hpp:667
#10 0x0000005555ae9294 in minja::ExpressionNode::do_render (this=0xb400007fbc838378, out=..., context=...) at /data/data/com.termux/files/home/downloads/llama.cpp/common/minja/minja.hpp:906
#11 0x0000005555a925d4 in minja::TemplateNode::render (this=0xb400007fbc838378, out=..., context=...) at /data/data/com.termux/files/home/downloads/llama.cpp/common/minja/minja.hpp:858
#12 0x0000005555af265c in minja::SequenceNode::do_render (this=0xb400007fbc8385f8, out=..., context=...) at /data/data/com.termux/files/home/downloads/llama.cpp/common/minja/minja.hpp:887
#13 0x0000005555a925d4 in minja::TemplateNode::render (this=0xb400007fbc8385f8, out=..., context=...) at /data/data/com.termux/files/home/downloads/llama.cpp/common/minja/minja.hpp:858
#14 0x0000005555ae3644 in minja::ForNode::do_render(std::__ndk1::basic_ostringstream<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> >&, std::__ndk1::shared_ptr<minja::Context> const&) const::{lambda(minja::Value&)#1}::operator()(minja::Value&) const (this=0xb400007fbc851858, iter=...) at /data/data/com.termux/files/home/downloads/llama.cpp/common/minja/minja.hpp:1011
#15 0x0000005555ae2db4 in std::__ndk1::__invoke[abi:ne180000]<minja::ForNode::do_render(std::__ndk1::basic_ostringstream<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> >&, std::__ndk1::shared_ptr<minja::Context> const&) const::{lambda(minja::Value&)#1}&, minja::Value&>(minja::ForNode::do_render(std::__ndk1::basic_ostringstream<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> >&, std::__ndk1::shared_ptr<minja::Context> const&) const::{lambda(minja::Value&)#1}&, minja::Value&) (__f=..., __args=...) at /data/data/com.termux/files/usr/include/c++/v1/__type_traits/invoke.h:344
#16 0x0000005555ae2d64 in std::__ndk1::__invoke_void_return_wrapper<void, true>::__call[abi:ne180000]<minja::ForNode::do_render(std::__ndk1::basic_ostringstream<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> >&, std::__ndk1::shared_ptr<minja::Context> const&) const::{lambda(minja::Value&)#1}&, minja::Value&>(minja::ForNode::do_render(std::__ndk1::basic_ostringstream<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> >&, std::__ndk1::shared_ptr<minja::Context> const&) const::{lambda(minja::Value&)#1}&, minja::Value&) (__args=..., __args=...)
    at /data/data/com.termux/files/usr/include/c++/v1/__type_traits/invoke.h:419
#17 0x0000005555ae2d38 in std::__ndk1::__function::__alloc_func<minja::ForNode::do_render(std::__ndk1::basic_ostringstream<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> >&, std::__ndk1::shared_ptr<minja::Context> const&) const::{lambda(minja::Value&)#1}, std::__ndk1::allocator<minja::ForNode::do_render(std::__ndk1::basic_ostringstream<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> >&, std::__ndk1::shared_ptr<minja::Context> const&) const::{lambda(minja::Value&)#1}>, void (minja::Value&)>::operator()[abi:ne180000](minja::Value&) (this=0xb400007fbc851858, __arg=...)
    at /data/data/com.termux/files/usr/include/c++/v1/__functional/function.h:166
#18 0x0000005555ae2160 in std::__ndk1::__function::__func<minja::ForNode::do_render(std::__ndk1::basic_ostringstream<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> >&, std::__ndk1::shared_ptr<minja::Context> const&) const::{lambda(minja::Value&)#1}, std::__ndk1::allocator<minja::ForNode::do_render(std::__ndk1::basic_ostringstream<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> >&, std::__ndk1::shared_ptr<minja::Context> const&) const::{lambda(minja::Value&)#1}>, void (minja::Value&)>::operator()(minja::Value&) (this=0xb400007fbc851850, __arg=...)
    at /data/data/com.termux/files/usr/include/c++/v1/__functional/function.h:308
#19 0x0000005555ac966c in std::__ndk1::__function::__value_func<void (minja::Value&)>::operator()[abi:ne180000](minja::Value&) const (this=0x7fffff3ff0, __args=...)
    at /data/data/com.termux/files/usr/include/c++/v1/__functional/function.h:425
#20 0x0000005555ac961c in std::__ndk1::function<void(minja::Value&)>::operator() (this=0x7fffff3ff0, __arg=...) at /data/data/com.termux/files/usr/include/c++/v1/__functional/function.h:978
#21 0x0000005555ae1874 in minja::ForNode::do_render (this=0xb400007fbc83e058, out=..., context=...) at /data/data/com.termux/files/home/downloads/llama.cpp/common/minja/minja.hpp:1031
#22 0x0000005555a925d4 in minja::TemplateNode::render (this=0xb400007fbc83e058, out=..., context=...) at /data/data/com.termux/files/home/downloads/llama.cpp/common/minja/minja.hpp:858

...

Reminder:

~/.../llama.cpp/build $ llama-cli
register_backend: registered backend CPU (1 devices)
register_device: registered device CPU (CPU)
build: 5470 (b775345d) with clang version 20.1.5 for aarch64-unknown-linux-android24 (debug)

It used to work with most ggufs before at least in my Termux back then.

Also, it works in prooted Debian and in plain Ubuntu
Linux above-hp2-silver 6.2.0-39-generic #40~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Nov 16 10:53:04 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
, where however it kvetches about templates:

...............................................................................
llama_context: constructing llama_context
llama_context: n_seq_max     = 1
llama_context: n_ctx         = 4096
llama_context: n_ctx_per_seq = 4096
llama_context: n_batch       = 2048
llama_context: n_ubatch      = 512
llama_context: causal_attn   = 1
llama_context: flash_attn    = 0
llama_context: freq_base     = 100000.0
llama_context: freq_scale    = 1
llama_context: n_ctx_per_seq (4096) < n_ctx_train (8192) -- the full capacity of the model will not be utilized
llama_context:        CPU  output buffer size =     0.19 MiB
llama_kv_cache_unified:        CPU KV buffer size =   160.00 MiB
llama_kv_cache_unified: size =  160.00 MiB (  4096 cells,  32 layers,  1 seqs), K (f16):   80.00 MiB, V (f16):   80.00 MiB
llama_context:        CPU compute buffer size =   135.51 MiB
llama_context: graph nodes  = 1158
llama_context: graph splits = 1
common_init_from_params: setting dry_penalty_last_n to ctx_size = 4096
Failed to generate tool call example: Value is not callable: null at row 1, column 72:
<|im_start|>{% for message in messages %}{{message['role'] | capitalize}}{% if message['content'][0]['type'] == 'image' %}{{':'}}{% else %}{{': '}}{% endif %}{% for line in message['content'] %}{% if line['type'] == 'text' %}{{line['text']}}{% elif line['type'] == 'image' %}{{ '<image>' }}{% endif %}{% endfor %}<end_of_utterance>
                                                                       ^
{% endfor %}{% if add_generation_prompt %}{{ 'Assistant:' }}{% endif %}
 at row 1, column 42:
<|im_start|>{% for message in messages %}{{message['role'] | capitalize}}{% if message['content'][0]['type'] == 'image' %}{{':'}}{% else %}{{': '}}{% endif %}{% for line in message['content'] %}{% if line['type'] == 'text' %}{{line['text']}}{% elif line['type'] == 'image' %}{{ '<image>' }}{% endif %}{% endfor %}<end_of_utterance>
                                         ^
{% endfor %}{% if add_generation_prompt %}{{ 'Assistant:' }}{% endif %}
 at row 1, column 42:
<|im_start|>{% for message in messages %}{{message['role'] | capitalize}}{% if message['content'][0]['type'] == 'image' %}{{':'}}{% else %}{{': '}}{% endif %}{% for line in message['content'] %}{% if line['type'] == 'text' %}{{line['text']}}{% elif line['type'] == 'image' %}{{ '<image>' }}{% endif %}{% endfor %}<end_of_utterance>
                                         ^
{% endfor %}{% if add_generation_prompt %}{{ 'Assistant:' }}{% endif %}
 at row 1, column 13:
<|im_start|>{% for message in messages %}{{message['role'] | capitalize}}{% if message['content'][0]['type'] == 'image' %}{{':'}}{% else %}{{': '}}{% endif %}{% for line in message['content'] %}{% if line['type'] == 'text' %}{{line['text']}}{% elif line['type'] == 'image' %}{{ '<image>' }}{% endif %}{% endfor %}<end_of_utterance>
            ^
{% endfor %}{% if add_generation_prompt %}{{ 'Assistant:' }}{% endif %}
 at row 1, column 1:
<|im_start|>{% for message in messages %}{{message['role'] | capitalize}}{% if message['content'][0]['type'] == 'image' %}{{':'}}{% else %}{{': '}}{% endif %}{% for line in message['content'] %}{% if line['type'] == 'text' %}{{line['text']}}{% elif line['type'] == 'image' %}{{ '<image>' }}{% endif %}{% endfor %}<end_of_utterance>
^
{% endfor %}{% if add_generation_prompt %}{{ 'Assistant:' }}{% endif %}

clip_ctx: CLIP using CPU backend
clip_model_loader: model name:   SmolVLM 500M Instruct
clip_model_loader: description:  
clip_model_loader: GGUF version: 3
clip_model_loader: alignment:    32
clip_model_loader: n_tensors:    198
clip_model_loader: n_kv:         40

...
User: Hello<end_of_utterance>
Assistant: Hi there<end_of_utterance>
User: How are you?<end_of_utterance>
Assistant:'
main: server is listening on http://127.0.0.1:8080 - starting the main loop
srv  update_slots: all slots are idle

[Manamama]

This is what Grok AI thinks about it, for what it is worth:

Ubuntu/Prooted Debian Behavior:
In Ubuntu (6.2.0-39-generic) and Prooted Debian, the model loads successfully despite minja errors: Failed to generate tool call example: Value is not callable: null at row 1, column 72. This error occurs when minja tries to render the tokenizer.chat_template (<|im_start|>{% for message in messages %}...), specifically when evaluating message['role'] | capitalize or message['content'][0]['type'].

The error suggests that messages contains a null value or an invalid structure, causing minja to fail when calling a non-callable value (e.g., capitalize on a null role). However, glibc (Ubuntu/Debian) handles this gracefully, continuing execution, while Bionic (Termux) crashes with a SIGSEGV due to stricter memory or exception handling.

Crash in Termux:
The Termux crash occurs in minja::ForNode::do_render (frame #14, minja.hpp:1011), during the same template rendering process. The backtrace shows a null pointer dereference (0x0000000000000000) after calls to libc++_shared.so and exception handling (__gxx_personality_v0, _Unwind_RaiseException_Phase2).

The crash likely stems from minja attempting to process a null or invalid messages list, triggering undefined behavior in Bionic’s std::ostringstream or exception handling.

[Manamama]

Note to self:

~/downloads $ apt list | grep llama-                                                                          WARNING: apt does not have a stable CLI interface. Use with caution in scripts.                                                                                      llama-cpp-backend-opencl/stable 0.0.0-b5481-0 aarch64  llama-cpp-backend-vulkan/stable 0.0.0-b5481-0 aarch64  llama-cpp/stable,now 0.0.0-b5481-0 aarch64 [installed] ~/downloads $

So either removing or reinstalling llama-cpp seems to help. Not sure why - I suspect the .so version clashes...

Solves: #13708 (comment) and all the seg faults above in Termux: apt install llama-cpp-backend-opencl llama-cpp-backend-vulkan llama-cpp