>
> So what is the problematic data here?  Is 'glyph' a NULL pointer or
> something?  Or is 'it' a garbled pointer?  What do these commands
> show:
>
>   (gdb) p glyph
>   (gdb) p glyph->charpos
>   (gdb) p it->position
>

This is what I got:

Thread 1 "emacs" received signal SIGSEGV, Segmentation fault.
0x000000000043d101 in append_glyph (it=0x7fffffff2370) at xdisp.c:25880
25880   xdisp.c: No such file or directory.
(gdb) bt
#0  0x000000000043d101 in append_glyph (it=0x7fffffff2370) at xdisp.c:25880
#1  x_produce_glyphs (it=0x7fffffff2370) at xdisp.c:27175
#2  0x0000000000452032 in display_line (it=0x7fffffff2370) at xdisp.c:20676
#3  0x0000000000457868 in try_window (window=18793157, pos=..., flags=1) at
xdisp.c:17251
#4  0x0000000000460e41 in redisplay_window (window=18793157,
just_this_one_p=false)
    at xdisp.c:16700
#5  0x0000000000463b36 in redisplay_window_0 (window=<optimized out>) at
xdisp.c:14491
#6  0x000000000055e7c6 in internal_condition_case_1 (bfun=0x463b10
<redisplay_window_0>,
    arg=18793157, handlers=<optimized out>, hfun=0x429b40
<redisplay_window_error>)
    at eval.c:1339
#7  0x000000000044612e in redisplay_windows (window=<optimized out>) at
xdisp.c:14471
#8  0x000000000045cfd5 in redisplay_internal () at xdisp.c:14031
#9  0x00000000004f5299 in read_char (commandflag=1, map=102809939,
prev_event=0,
    used_mouse_menu=0x7fffffffb0ff, end_time=0x0) at keyboard.c:2482
#10 0x00000000004f90c0 in read_key_sequence (keybuf=0x7fffffffb170,
prompt=0,
    dont_downcase_last=false, can_return_switch_frame=true,
fix_current_buffer=true,
    prevent_redisplay=false, bufsize=30) at keyboard.c:9068
#11 0x00000000004fa3ba in command_loop_1 () at keyboard.c:1370
#12 0x000000000055e82a in internal_condition_case (bfun=0x4fa1f0
<command_loop_1>,
    handlers=<optimized out>, hfun=0x4f8200 <cmd_error>) at eval.c:1315
#13 0x00000000004f81ec in command_loop_2 (ignore=<optimized out>) at
keyboard.c:1112
#14 0x000000000055e8b8 in internal_catch (tag=<optimized out>,
    func=0x4f81d0 <command_loop_2>, arg=0) at eval.c:1080
#15 0x00000000004f7f67 in command_loop () at keyboard.c:1091
#16 0x00000000004f7ff5 in recursive_edit_1 () at keyboard.c:697
#17 0x00000000004f8135 in Frecursive_edit () at keyboard.c:768
#18 0x00000000004e997e in main (argc=<optimized out>, argv=<optimized out>)
at emacs.c:1629
(gdb) p glyph
$1 = (struct glyph *) 0x8f
(gdb) p glyph->charpos
Cannot access memory at address 0x8f
(gdb) p it->position
$2 = {charpos = 1, bytepos = 1}
(gdb)

Basically, I need you to run this under a debugger and answer several
> questions.  Bonus points for reproducing this in an unoptimized build
> configured with --enable-checking='yes,glyphs', and then showing the
> backtrace from the segfault.
>
> IOW, this problem needs to be debugged, and for that we need data that
> explains the crash.  Could you please help in collecting that data?
>

Sure.

Another data point: I can prevent the crash if I add nlinum-enabling hooks
in window-setup-hook instead of after-init-hook. When using emacsclient
(daemon), I do that nlinum enabling in after-make-frame-functions. So I see
this crash only when running emacs (not emacsclient), on 25.3.

Let me try to build emacs-25 branch with your suggested options.. hopefully
I can recreate the crash on that.

-- 

Kaushal Modi