I get a reproducible SEGV in 2.2.37's gpg-agent but cannot say much about the circumstances that trigger it.
The backtrace is:
#0 0x0000555c8c0d0379 in ask_for_card (ctrl=0x555c8cb7aae0, shadow_info=<optimized out>, grip=<optimized out>, r_kid=0x7fef839fed50) at /usr/src/debug/gnupg-2.2.37/agent/divert-scd.c:108 #1 0x0000555c8c0a8dce in divert_pkdecrypt (desc_text=<optimized out>, r_padding=0x7fef839fed1c, r_len=<synthetic pointer>, r_buf=<synthetic pointer>, shadow_info=0x7fef7c003620 "(16:\322v", grip=0x555c8cb7ab6c "\221\367hPD\350\274\065\245Yy\355+\265\030K\365p\323\313\001", cipher=<optimized out>, ctrl=0x555c8cb7aae0) at /usr/src/debug/gnupg-2.2.37/agent/divert-scd.c:691 #2 agent_pkdecrypt (r_padding=0x7fef839fed1c, outbuf=0x7fef839fed70, ciphertextlen=283, ciphertext=<optimized out>, desc_text=<optimized out>, ctrl=0x555c8cb7aae0) at /usr/src/debug/gnupg-2.2.37/agent/pkdecrypt.c:89 #3 cmd_pkdecrypt (ctx=0x7fef7c000b70, line=<optimized out>) at /usr/src/debug/gnupg-2.2.37/agent/command.c:817 #4 0x00007fef83fd3552 in ?? () from /usr/lib/libassuan.so.0 #5 0x00007fef83fd395b in assuan_process () from /usr/lib/libassuan.so.0 #6 0x0000555c8c0d5d08 in start_command_handler.constprop.0 (ctrl=ctrl@entry=0x555c8cb7aae0, fd=<optimized out>, listen_fd=-1) at /usr/src/debug/gnupg-2.2.37/agent/command.c:3601 #7 0x0000555c8c0a65d0 in do_start_connection_thread (ctrl=0x555c8cb7aae0) at /usr/src/debug/gnupg-2.2.37/agent/gpg-agent.c:2724 #8 0x00007fef83fc71cf in ?? () from /usr/lib/libnpth.so.0 #9 0x00007fef83e3e78d in start_thread (arg=<optimized out>) at pthread_create.c:442 #10 0x00007fef83ebf8e4 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:100
From looking at the variables, I think the new code in ask_for_card has invalid expectations on the outcome of agent_keymeta_from_file, as keymeta is still NULL after the call in my case but in line 108 it gets fed to nvc_lookup which does not expect that.
Happy to check / provide anything useful.