I think I identified the bug. A fix is pushed.

Before the SEGV, calling a handler in _gpgme_io_close is strange:

GPGME 2019-04-11 12:24:58 <0x660e>        _gpgme_io_close: check: fd=0x22 invoking close handler 0x7f341d8b8960/0x7f33f0003930

Because the file descriptor 0x21 and 0x22 is allocated by _gpgme_io_pipe, and there should be no handler(s) for those fds.
Either, the notify_table is screwed up, or there is a leak of fds.
I'd like to see the logs of all calls of _gpgme_io_set_close_notify and _gpgme_io_close.

Sorry, I overlooked. I think it is inside _gpgme_io_close calling the handler, and the handler segfaults.

Apparently, it SEGV-ted itself by assert at line 468 in gpgme/src/engine.c.
For GpgSM, info->file_name is not assigned (while it is done by gpg and gpgconf).
The code hasn't been changed for a while, I don't know the exact reason why it becomes occur.

I think that the bug has been there. The commits of import.c revealed the problem with your particular input.

Thanks for your report. It was good you add "enter no passphrase for Alfa Test Key". Then, I saw the leak. (I misunderstood as if I needed the test environment.)
Anyway, I'm going to fix it now.

Added a fix to GnuPG, too (master and stable 2.2).

I keep this ticket open, since it is also problem for other packages.

For what I use, please refer: https://tracker.debian.org/pkg/gcc-9

@kloczek , it is not reproducible for us, so, we consider it may be a problem other than GnuPG itself, possibly, some specific build configuration parameter(s) for GCC, or something by unreleased code.
Please file a report with how to reproduce your problem.

With gcc-9 in Debian experimental, everything goes well.
Yes, the use of pragma is questionable, but let's see.

That's my badness. In wait_child_thread, assuan_release may cause thread context switch to agent_reset_scd which accesses scd_local_list; This access should be serialized.
And... in start_scd, calling unlock_scd should be after unlocking start_scd_lock.

We also need to fix for encryption and signature in CSR.

Fixed in master, by removing use of compound literals. Compound literals are not portable feature (even for C99 code), so, it's good to avoid when we can.
Still dns.c uses C99 features of struct initializer with name.

Thanks, applied to GnuPG 2.2, master, and libgpg-error.

Fixed in master.

Thanks for your report.
I think that your patch is too generous to run HMAC even if fips_mode is not enabled; Simply, we can stop calling integrity check when fips_mode is not active.

I use BBG-SWD (my own tool to flash MCU) for transparency of the process. It's up to you to choice a tool for initial flashing.
Just in case, here are resources to be reproducible.

Original issue (of pinentry-curses, which should be killed by CTRL-C) is related to T2011: gnupg should notify cancellation of its operation to gpg-agent to kill pinentry, I suppose. It is fixed in master and testing.
I don't know about the second one with pinentry-tty.

Fixed in master.

Gnuk implements the feature, and newer GnuPG shows a dialog to request pushing the ack button.

Your problem is apparently not an issue of upstream development of GnuPG; It is your setup script (agent.sh?) which specifies /dev/shm/SOMETHING.
Standard GnuPG never does that. We have no idea about use of /dev/shm/SOMETHING.

Some of my terminology: I call "case", "shell", and "board".

Final fix was rG380bce13d94f: agent: Use clock or clock_gettime for calibration., with clock.
Closing this patch.

The metal case, I bought from here (it's expensive CNY3.00, for individuals): https://item.taobao.com/item.htm?id=550180089286

For prototype, I used:

• ZL-272 (without slits): https://detail.1688.com/offer/566273410945.html
• ZL-271, the metal shell: https://detail.1688.com/offer/566197153418.html

• Repository for PCB design: https://git.gniibe.org/cgit/gnuk/fst-01.git/
  • tag: release/3.01 is the latest for the design itself, but last commit 8ee4e0d53a73993e42d1c2ccc12b08757338f4b1 added data sheet for connector.
    • • The particular data sheet is for a variant of connector with slits.
    • in the output directory, I put additional information as well as the gerber output: https://git.gniibe.org/cgit/gnuk/fst-01.git/tree/output?id=8ee4e0d53a73993e42d1c2ccc12b08757338f4b1
    • In output/README.txt, there are information for procurement for the GD32F103 chip and ZL-272 connector.
    • But those are the ones I specified, and the actual vendors/distributors are different
    • For ZL-272 with slits, it seems that it's DongGuan Yuliang Electronics Co., Limited (http://www.dgyuliang.net) which provides the connector
• The test plan I specified is: https://www.gniibe.org/memo/development/fst-01/fst-01sz-testplan.html

When bogus entry is "", the error is GPG_ERR_NO_PASSPHRASE, and user cannot input the passphrase.

Confirmed that manually created entry in gnome-keyring-daemon causes trouble.

Since there is --mode=normal option, it should be --mode=ssh.