x86 BLSMSK semantic bug
Description of problem
The result of instruction BLSMSK is different with from the CPU. The value of CF is different.

Steps to reproduce

Compile this code

void main() {
    asm("mov rax, 0x65b2e276ad27c67");
    asm("mov rbx, 0x62f34955226b2b5d");
    asm("blsmsk eax, ebx");
}

Execute and compare the result with the CPU.

CPU

CF = 0


QEMU

CF = 1

Additional information
This bug is discovered by research conducted by KAIST SoftSec.