21.1.0: `notebook` test suite is crashing with SIGILL in _cffi_backend.cpython.*so DSO about argon2-cffi HOT 11 CLOSED

I made yet anbother experiment with latrest gcc 12.0.0 and looks like recompiling libargon2 using that compiler solved the issue and I'm no longer see that kind of issues in any test suite which is usind argon2-cffi.
Closing.

from argon2-cffi.

                #3  0x00007f86ca16d8ff blake2b_init (libargon2.so.1 + 0x38ff)
                #4  0x00007f86ca16eb0e argon2_ctx.part.0 (libargon2.so.1 + 0x4b0e)
                #5  0x00007f86ca16fa9f argon2_hash (libargon2.so.1 + 0x5a9f)
                #6  0x00007f86ca4caf16 _cffi_f_argon2_hash (_ffi.abi3.so + 0x2f16)

Indicates as if you're mixing a system-wide libargon2 with argon2-cffi-binding's lib. Try uninstalling libargon2 to verify.

from argon2-cffi.

Do you suggest that it is some bug in system libargon2 and I should not be building argon2-cffi with ARGON2_CFFI_USE_SYSTEM=1 env vriable?

from argon2-cffi.

Just checked and I'm building both argon2-cffi and argon2-cffi-binding with ARGON2_CFFI_USE_SYSTEM=1

from argon2-cffi.

That means your libargon2 is crashing. I can only assume it's compiled wrong or something.

from argon2-cffi.

I told you last year that the problem is caused by your build of libargon2. Your build of the library is broken, likely caused by a compiler bug or invalid or unsupported combination of compiler flags.

The C stack suggests that your copy of libargon2 is the root cause.

from argon2-cffi.

I told you last year that the problem is caused by your build of libargon2. Your build of the library is broken, likely caused by a compiler bug or invalid or unsupported combination of compiler flags.

OK. If that is true .. can you point on possible flags which are usied to compile libargon2?
I'm using everywhere the same base set of flags passed over env variables.
Here it is that set:

[tkloczko@ss-desktop SPECS]$ rpm -E %set_build_flags

CFLAGS="-O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fdata-sections -ffunction-sections -flto=auto -flto-partition=none";
CXXFLAGS="-O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fdata-sections -ffunction-sections -flto=auto -flto-partition=none";
FFLAGS="-O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fdata-sections -ffunction-sections -flto=auto -flto-partition=none -I/usr/lib64/gfortran/modules";
FCFLAGS="-O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fdata-sections -ffunction-sections -flto=auto -flto-partition=none -I/usr/lib64/gfortran/modules";
LDFLAGS="-Wl,-z,relro -Wl,--as-needed -Wl,--gc-sections -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -flto=auto -flto-partition=none -fuse-linker-plugin -Wl,--build-id=sha1";
CC="/usr/bin/gcc"; CXX="/usr/bin/g++"; FC="/usr/bin/gfortran";
AR="/usr/bin/gcc-ar"; NM="/usr/bin/gcc-nm"; RANLIB="/usr/bin/gcc-ranlib";
export CFLAGS CXXFLAGS FFLAGS FCFLAGS LDFLAGS CC CXX FC AR NM RANLIB;

So libargon2 is build with LTO.
Additionally:

[tkloczko@ss-desktop SPECS]$ cat /usr/lib/rpm/redhat/redhat-hardened-cc1
*cc1_options:
+ %{!r:%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}}}
[tkloczko@ss-desktop SPECS]$ cat /usr/lib/rpm/redhat/redhat-annobin-cc1
*cc1_options:
+ %{!-fno-use-annobin:%{!iplugindir*:%:find-plugindir()} -fplugin=annobin}

So those two files passed as -sepec param are causing that all code by default is build as PIE and linker is usig annobin plugin.
I would be really surprised if any of those flags could be source of the proble .. nevertheless it is some non-zero possibility :/

Sorry for asking but I'm really opened on any suggestions of what I can try to do to diagnose that issue :/

from argon2-cffi.

@kloczek My suggestions would be to disable LTO and simplify the CFLAGS, for example by starting with a fairly minimal default and adding additional compiler flags as needed. Gentoo suggests -O2 -pipe -march=native as safe defaults.

If I had to guess, I'd point at -D_FORTIFY_SOURCE=2 causing problems. From man 7 feature_test_macros:

_FORTIFY_SOURCE set to 2, some more checking is added, but conforming programs might fail.

This is just a wild guess, though.

from argon2-cffi.

Will try to check those secenarios ASP and back with reults.
Thank you for suggestions.

from argon2-cffi.

So far compile without -D_FORTIFY_SOURCE=2 did not help.
May I ask which one version of argon2 you are using?
I'm using version from master (20190702 + 15 patches from git repo added after last release)

from argon2-cffi.

@kloczek argon2-cffi-bindings vendors P-H-C/phc-winner-argon2@f57e61e. That version is definitely known to work.

When I tested my PR for the ARGON2_CFFI_USE_SYSTEM switch I remember that the argon2-cffi build failed when trying to build against an incompatible version of argon2. I assume this is still the case with argon2-cffi-bindings. That means: I don't think your version choice of argon2 is causing issues.

from argon2-cffi.