Debian 12 on x86_64 (QEMU pc-q35-7.2) – cryptography.hazmat.bindings._rust.openssl raises SIGILL #12069
Description
First of all, thank you for your work on cryptography. Unfortunately, I encountered a bug when trying to debug another package. Loading any of cryptography.hazmat.bindings._rust.openssl (and consequently any module that depends on it) on an x86_64 build of Debian 12 running in QEMU's pc-q35-7.2 emulation on an Apple M1 raises SIGILL.
Host
$ uname -mor
Darwin 23.6.0 arm64
VM
QEMU command:
qemu-system-x86_64 -L /Applications/UTM.app/Contents/Resources/qemu -S -spice unix=on,addr=6DCA196C-C4CB-40A1-A67E-89E3C99A9EA5.spice,disable-ticketing=on,image-compression=off,playback-compression=off,streaming-video=off,gl=off -chardev spiceport,name=org.qemu.monitor.qmp.0,id=org.qemu.monitor.qmp -mon chardev=org.qemu.monitor.qmp,mode=control -nodefaults -vga none -device e1000,mac=B2:34:87:DE:FB:69,netdev=net0 -netdev vmnet-shared,id=net0 -device virtio-gpu-pci -smp cpus=1,sockets=1,cores=1,threads=1 -machine q35,vmport=off,i8042=off,hpet=off -accel tcg,tb-size=1024 -global PIIX4_PM.disable_s3=1 -global ICH9-LPC.disable_s3=1 -drive if=pflash,format=raw,unit=0,file.filename=/Applications/UTM.app/Contents/Resources/qemu/edk2-x86_64-code.fd,file.locking=off,readonly=on -drive if=pflash,unit=1,file=/Users/odin/Library/Containers/com.utmapp.UTM/Data/Documents/Linux.utm/Data/efi_vars.fd -m 4096 -audiodev coreaudio,id=audio1 -audiodev spice,id=audio0 -device intel-hda -device hda-output,audiodev=audio1 -usb -device usb-tablet,bus=usb-bus.0 -device usb-mouse,bus=usb-bus.0 -device usb-kbd,bus=usb-bus.0 -device nec-usb-xhci,id=usb-controller-0 -chardev spicevmc,name=usbredir,id=usbredirchardev0 -device usb-redir,chardev=usbredirchardev0,id=usbredirdev0,bus=usb-controller-0.0 -chardev spicevmc,name=usbredir,id=usbredirchardev1 -device usb-redir,chardev=usbredirchardev1,id=usbredirdev1,bus=usb-controller-0.0 -chardev spicevmc,name=usbredir,id=usbredirchardev2 -device usb-redir,chardev=usbredirchardev2,id=usbredirdev2,bus=usb-controller-0.0 -device ide-cd,bus=ide.0,drive=drive003DE5BE-3CCC-4E05-80C0-38729864B0CB,bootindex=0 -drive if=none,media=cdrom,id=drive003DE5BE-3CCC-4E05-80C0-38729864B0CB,readonly=on -device ide-hd,bus=ide.1,drive=drive1433D49F-A8F4-4543-A5D4-7ED4AF101D18,bootindex=1 -drive if=none,media=disk,id=drive1433D49F-A8F4-4543-A5D4-7ED4AF101D18,file.filename=/Users/odin/Library/Containers/com.utmapp.UTM/Data/Documents/Linux.utm/Data/1433D49F-A8F4-4543-A5D4-7ED4AF101D18.qcow2,discard=unmap,detect-zeroes=unmap -device virtio-serial -device virtserialport,chardev=org.qemu.guest_agent,name=org.qemu.guest_agent.0 -chardev spiceport,name=org.qemu.guest_agent.0,id=org.qemu.guest_agent -device virtserialport,chardev=vdagent,name=com.redhat.spice.0 -chardev spicevmc,id=vdagent,debug=0,name=vdagent -name Linux -uuid 6DCA196C-C4CB-40A1-A67E-89E3C99A9EA5 -device virtio-rng-pci
$ uname -mor
6.1.0-28-amd64 x86_64 GNU/Linux
$ python --version
Python 3.11.2
$ pip list
Package Version
------------ -------
cffi 1.17.1
cryptography 44.0.0
pip 24.3.1
pycparser 2.22
setuptools 66.1.1
Steps to reproduce
$ python3 -mvenv cryptography-test
$ . cryptography-test/bin/activate
$ pip install --upgrade pip
[...]
$ pip install cryptography
[...]
$ python -mcryptography.hazmat.bindings._rust.openssl
Illegal instruction
$ python -mpdb cryptography-test/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi
> /home/odin/cryptography-test/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi(5)<module>()
-> import typing
(Pdb) n
> /home/odin/cryptography-test/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi(7)<module>()
-> from cryptography.hazmat.bindings._rust.openssl import (
(Pdb)
Illegal instruction