100% CPU usage endles loop of gpg --list-keys
Open, NormalPublic


Following command, called by Thunderbird (probably Enigmail plugin) hangs with 100% CPU usage endless loop:

/usr/bin/gpg --charset utf-8 --display-charset utf-8 --no-auto-check-trustdb --batch --no-tty --status-fd 2 --with-fingerprint --fixed-list-mode --with-colons --list-secret-keys 4E2C6E8793298290

After I've noticed above mentioned problem, I've killed related process. Then whenever I'm trying a simple list keys command, it is again hangin with 100% CPU usage endless loop:

gpg -k

My OS is Arch GNU/Linux with following uname:

Linux 4.16.7-1-ARCH #1 SMP PREEMPT Wed May 2 21:12:36 UTC 2018 x86_64 GNU/Linux
gpg (GnuPG) 2.2.6
libgcrypt 1.8.2

gpg comes from official package of Arch GNU/Linux repository, version 2.2.6-1.

Dependencies (with optional installed):

npth                : 1.5-1
libgpg-error                : 1.29-1
libgcrypt                : 1.8.2-1
libksba                : 1.3.5-1
libassuan                : 2.5.1-1
pinentry                : 1.1.0-2
bzip2                : 1.0.6-7
readline                : 7.0.003-1
gnutls                : 3.5.18-1
sqlite                : 3.23.1-1
libldap                : 2.4.46-1
libusb-compat                : 0.1.5-1
pcsclite                : 1.8.23-3


ktalik created this task.May 10 2018, 3:50 PM

This looks reminiscent of a bug previously seen in GPA (T3748).

Are you using the TOFU trust model?

I'm not sure. How to check it? In man gpg I only see instructions on how to change the trust model. ~/.gnupg/gpg.conf does not have any trust model related entry. I have ~/.gnupg/tofu.db file however.

If you never explicitly changed the default trust model, then I would expect you are not using TOFU, but the presence of a tofu.db file strongly suggests that you are indeed using it.

To know for sure, you may use the command gpg --check-trustdb. Look in the output of that command for a line similar to the following:

gpg: marginals needed: 3  completes needed: 1  trust model: XXX

If you see that line, then XXX is the trust model you are using (it should be pgp by default, but it could be tofu+pgp). If you don't see such a line, then you are using the tofu model.

Above command freezes with 100% CPU, too.

Okay, so maybe this has nothing to do with T3748 then…

Well, I can’t reproduce. Assuming you’re using TOFU (that must be the case since you have a tofu.db database), I wonder if your database may be somehow corrupted.

Could you try moving the ~/.gnupg/tofu.db file away (do not delete it! just move it under a different name and/or a different folder), and then try either a key listing command (that you know trigger the freeze) or a --check-trustdb command?

Good idea, but I've already tried it. Tried once again and freeze still occurs.

werner added a subscriber: werner.Jun 6 2018, 2:32 PM

Please add

--verbose --debug ipc,trust

to the gpg invocation.

werner triaged this task as Normal priority.Jun 6 2018, 2:33 PM
werner added a project: gnupg (gpg22).
ktalik added a comment.EditedJun 6 2018, 2:48 PM
$ gpg -k --verbose --debug ipc,trust
gpg: reading options from '/home/konrad/.gnupg/gpg.conf'
gpg: enabled debug flags: trust ipc
gpg: using pgp trust model
gpg: checking the trustdb
gpg: removing stale lockfile (created by 14064)
$ gpg --charset utf-8 --display-charset utf-8 --no-auto-check-trustdb --batch --no-tty --status-fd 2 --with-fingerprint --fixed-list-mode --with-colons --list-secret-keys 4E2C6E8793298290 --verbose --debug ipc,trust
gpg: Note: '--verbose' is not considered an option
gpg: Note: '--debug' is not considered an option
gpg: please do a --check-trustdb
$ gpg --debug ipc,trust --check-trustdb
gpg: reading options from '/home/konrad/.gnupg/gpg.conf'
gpg: enabled debug flags: trust ipc
gpg: removing stale lockfile (created by 14417)

In your second run you added the options after the argument (4E2C6E8793298290) so they won't have an effect. Anyway, I can't see anything from the output. My way to debug that would be to run gpg under strace:

strace -o gpg.trc gpg -k --verbose --debug ipc,trust

The hit ctrl-c and post the last 20 lines, unless they are all the same, then please search back until you find the start of that. Or upload the entire file but take care that you ran it in a test environment, because strace shows all kind of things you may not want to publish.