Cryptography: pip install cryptography segmentation fault (SIGSEGV)

Can you say a little more about how you produced this case?

I just spun up a Zesty docker container, ran apt update && apt install curl python && curl -sSL https://bootstrap.pypa.io/get-pip.py | python && pip install virtualenv && virtualenv v && . v/bin/activate && pip install cryptography and didn't get the segfault.

Failing that, if you can reproduce this consistently, can you get a core dump?

Thanks for the quick response @alex!

I have the pip-python package from Ubuntu directly:

Package: python-pip
Version: 9.0.1-2
Priority: optional
Section: universe/python
Origin: Ubuntu
Maintainer: Ubuntu Developers <[email protected]>
Original-Maintainer: Debian Python Modules Team <[email protected]>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 671 kB
Depends: ca-certificates, python-pip-whl (= 9.0.1-2), python:any (<< 2.8), python:any (>= 2.7.5-5~)
Recommends: build-essential, python-all-dev (>= 2.6), python-setuptools, python-wheel
Homepage: https://pip.pypa.io/en/stable/
Download-Size: 151 kB
APT-Manual-Installed: yes
APT-Sources: http://gb.archive.ubuntu.com/ubuntu zesty/universe amd64 Packages

And I don't have virtualenv installed.

I'm also running it in a virtual machine, on VMWare Fusion 8.5.8. I tried in Bash as well in case it was shell-related, but it's the same. I was actually trying to run pip install jrnl first and when that didn't install I started looking at the dependencies to see what could be causing the segfault.

It happens every time, I've uploaded a core dump taken just now here: https://transfer.sh/10LTxK/_usr_bin_pip.1000.crash

This is stored by Ubuntu's apport program, where core dumps are automatically sent, so I hope it's in a useful format.

Hmmm, I'm having trouble getting gdb to show me names for the stack frames. Can you try this and let me know if you get anything useful?

$ apt install apport
$ mkdir x
$ apport-unpack _usr_bin_pip.1000.crash x
$ cd x
$ gdb -c CoreDump
> bt

So, yes I have the same problem with names in the stack (just "??"). As a guess, I installed the python-dbg package and tried to recreate the crash by running python-dbg /usr/bin/pip install cryptography, which fails to install but doesn't segfault!

andrew@zhaan:/var/crash$ python-dbg /usr/bin/pip install cryptography                                                                                                                                  [58/3724]
Collecting cryptography
  Downloading cryptography-2.0.2.tar.gz (427kB)
    100% |████████████████████████████████| 430kB 127kB/s
Collecting idna>=2.1 (from cryptography)
  Using cached idna-2.5-py2.py3-none-any.whl
Collecting asn1crypto>=0.21.0 (from cryptography)
  Using cached asn1crypto-0.22.0-py2.py3-none-any.whl
Collecting six>=1.4.1 (from cryptography)
  Using cached six-1.10.0-py2.py3-none-any.whl
Collecting enum34 (from cryptography)
  Using cached enum34-1.1.6-py2-none-any.whl
Collecting ipaddress (from cryptography)
  Using cached ipaddress-1.0.18-py2-none-any.whl
Collecting cffi>=1.7 (from cryptography)
  Downloading cffi-1.10.0.tar.gz (418kB)
    100% |████████████████████████████████| 419kB 68kB/s
Collecting pycparser (from cffi>=1.7->cryptography)
Building wheels for collected packages: cryptography, cffi
  Running setup.py bdist_wheel for cryptography ... error
  Complete output from command /usr/bin/python-dbg -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-0cPiPQ/cryptography/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('
\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/tmpLeRseFpip-wheel- --python-tag cp27:
  Traceback (most recent call last):
    File "<string>", line 1, in <module>
    File "/tmp/pip-build-0cPiPQ/cryptography/setup.py", line 312, in <module>
      **keywords_with_side_effects(sys.argv)
    File "/usr/lib/python2.7/distutils/core.py", line 111, in setup
      _setup_distribution = dist = klass(attrs)
    File "/home/andrew/.local/lib/python2.7/site-packages/setuptools/dist.py", line 328, in __init__
      _Distribution.__init__(self, attrs)
    File "/usr/lib/python2.7/distutils/dist.py", line 287, in __init__
      self.finalize_options()
    File "/home/andrew/.local/lib/python2.7/site-packages/setuptools/dist.py", line 461, in finalize_options
      ep.load()(self, ep.name, value)
    File "/home/andrew/.local/lib/python2.7/site-packages/cffi/setuptools_ext.py", line 188, in cffi_modules
      add_cffi_module(dist, cffi_module)
    File "/home/andrew/.local/lib/python2.7/site-packages/cffi/setuptools_ext.py", line 49, in add_cffi_module
      execfile(build_file_name, mod_vars)
    File "/home/andrew/.local/lib/python2.7/site-packages/cffi/setuptools_ext.py", line 25, in execfile
      exec(code, glob, glob)
    File "src/_cffi_src/build_openssl.py", line 106, in <module>
      extra_link_args=extra_link_args(compiler_type()),
    File "/tmp/pip-build-0cPiPQ/cryptography/src/_cffi_src/utils.py", line 49, in build_ffi_for_binding
      extra_link_args=extra_link_args,
    File "/tmp/pip-build-0cPiPQ/cryptography/src/_cffi_src/utils.py", line 57, in build_ffi
      ffi = FFI()
    File "/home/andrew/.local/lib/python2.7/site-packages/cffi/api.py", line 46, in __init__
      import _cffi_backend as backend
  ImportError: /home/andrew/.local/lib/python2.7/site-packages/_cffi_backend.so: undefined symbol: Py_InitModule4_64
  [100775 refs]

  ----------------------------------------
  Failed building wheel for cryptography
  Running setup.py clean for cryptography
  Complete output from command /usr/bin/python-dbg -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-0cPiPQ/cryptography/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('
\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" clean --all:
  Traceback (most recent call last):
    File "<string>", line 1, in <module>
    File "/tmp/pip-build-0cPiPQ/cryptography/setup.py", line 312, in <module>
      **keywords_with_side_effects(sys.argv)
    File "/usr/lib/python2.7/distutils/core.py", line 111, in setup
      _setup_distribution = dist = klass(attrs)
    File "/home/andrew/.local/lib/python2.7/site-packages/setuptools/dist.py", line 328, in __init__
      _Distribution.__init__(self, attrs)
    File "/usr/lib/python2.7/distutils/dist.py", line 287, in __init__
      self.finalize_options()
    File "/home/andrew/.local/lib/python2.7/site-packages/setuptools/dist.py", line 461, in finalize_options
      ep.load()(self, ep.name, value)
    File "/home/andrew/.local/lib/python2.7/site-packages/cffi/setuptools_ext.py", line 188, in cffi_modules
      add_cffi_module(dist, cffi_module)
    File "/home/andrew/.local/lib/python2.7/site-packages/cffi/setuptools_ext.py", line 49, in add_cffi_module
      execfile(build_file_name, mod_vars)
    File "/home/andrew/.local/lib/python2.7/site-packages/cffi/setuptools_ext.py", line 25, in execfile
      exec(code, glob, glob)
    File "src/_cffi_src/build_openssl.py", line 106, in <module>
      extra_link_args=extra_link_args(compiler_type()),
    File "/tmp/pip-build-0cPiPQ/cryptography/src/_cffi_src/utils.py", line 49, in build_ffi_for_binding
      extra_link_args=extra_link_args,
    File "/tmp/pip-build-0cPiPQ/cryptography/src/_cffi_src/utils.py", line 57, in build_ffi
      ffi = FFI()
    File "/home/andrew/.local/lib/python2.7/site-packages/cffi/api.py", line 46, in __init__
      import _cffi_backend as backend
  ImportError: /home/andrew/.local/lib/python2.7/site-packages/_cffi_backend.so: undefined symbol: Py_InitModule4_64
  [100775 refs]

  ----------------------------------------
  Failed cleaning build dir for cryptography
  Running setup.py bdist_wheel for cffi ... done
  Stored in directory: /home/andrew/.cache/pip/wheels/7c/c4/64/889d3d2de89188ed0fcb0b313106338f06127874911eeb4c96
Successfully built cffi
Failed to build cryptography
Installing collected packages: idna, asn1crypto, six, enum34, ipaddress, pycparser, cffi, cryptography
  Running setup.py install for cryptography ... done
Successfully installed asn1crypto-0.22.0 cffi-1.10.0 cryptography-2.0.2 enum34-1.1.6 idna-2.5 ipaddress-1.0.18 pycparser-2.18 six-1.10.0
[251106 refs]

I resolved the issue while attempting to get python-dbg to work. I was trying to get python-dbg /usr/bin/pip to work. It kept failing with "UNREF invalid object" and segfaulting. Using -vv showed me that the segfault occurred as it tried to access the cryptography lib. Turns out I had the python-cryptography package already installed by apt. Removing that package allowed pip install cryptography to complete successfully.

Sorry for the errant error report. Hopefully this saves someone else some time too!

Thanks for letting us know the resolution of this.

sudo apt remove python-cryptography worked for me too, thanks for this bug report

FWIW I was having this same segfault on raspbian. I removed python-cryptography, was still segfaulting. I called pip3 with sudo and it stopped segfaulting. Posting for future googles.

@tedder , @Odaeus

Thank you for this issue. Found from Google and was having these exact issues. Removing the python-cryptography package and installing cryptography with pip thru sudo fixed it all.

Working on Debian 9.

No. Just no.

dpkg: dependency problems prevent removal of python-cryptography:
 ansible depends on python-cryptography.

This is NOT a workable solution

The actual fix is in https://github.com/pypa/pip/issues/5366
https://github.com/pypa/pip/commit/018f03aab448231462b6c013a65d60a35e06e65a

Following @tedder instruction,

removed apt package and installed pip package fixed for me.

sudo apt-get remove python-cryptography
sudo apt-get remove python3-cryptography

As I said before that is the exact wrong solution and only encourages the already terrible deb package support from devs who do not want anyone to use debs.

There is a absolutely no excuse for closing this bug

We don't have any deb package support at all! We provide cryptography as an sdist, and a wheel, the standard python packaging formats.

To the extent there's a conflict with installing using apt or other installers, that's a bug in the installers (either apt or pip), we have no code for handling this one way or another.

Consider this a gentle reminder that the strangers you yell at about software on the internet are almost always volunteers and that statements like "There is a absolutely no excuse for closing this bug" are not likely to produce a positive outcome. As always, we are absolutely willing to fix bugs in our software, but Python is a platform and frequently bugs like this are outside of our ability to control. In this situation, having multiple different versions of our library installed in different locations caused Python to inappropriately load parts of each version. The "correct" fix here is to use a virtualenv or in some fashion isolate your environments such that you don't bleed system packages into pip installed packages and there is no library-level fix we can apply.