https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69624
--- Comment #8 from Dmitry Vyukov <dvyukov at google dot com> ---

First of all, are you sure that r12 is not 0 before the call? Dereference of 0xdffffc0000000000 is how KASAN reacts to a NULL deref: it does a shadow check before the memory access. If the original address is NULL, the shadow check will go to 0xdffffc0000000000. I see such GPFs quite frequently, so that's what I would assume first.

If you just switched to gcc6, then it can be some latent bug (undefined behavior) which started to fire with the new compiler.

P.S. I can reproduce the generated code now.
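The shadow-address arithmetic behind the comment above, as an added example (not code from the bug report, GCC, or the Linux kernel): on x86_64 KASAN maps every 8 bytes of kernel memory to one shadow byte at `(addr >> 3) + KASAN_SHADOW_OFFSET`, with the offset 0xdffffc0000000000 quoted in the comment. The helper `kasan_original_addr` that inverts the mapping and the page-sized "near NULL" window used by `looks_like_kasan_null_deref` are assumptions of this example, chosen so that a GPF on a shadow address can be triaged back to the pointer that was checked.

```c
#include <stdint.h>
#include <stdio.h>

/* x86_64 KASAN parameters: one shadow byte per 8 bytes of address space,
 * shadow region based at 0xdffffc0000000000 (the value quoted in the report). */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3

/* Shadow byte address that KASAN's instrumentation reads before accessing addr. */
uint64_t kasan_shadow_addr(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Inverse mapping (assumed helper): recover the start of the 8-byte granule
 * whose shadow byte lives at shadow. Only meaningful for shadow-region addresses. */
uint64_t kasan_original_addr(uint64_t shadow)
{
    return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

/* Triage check (assumed heuristic): does a faulting address fall in the shadow
 * of the first page, i.e. was the instrumented access a NULL or NULL+small-offset
 * dereference (a struct field read through a NULL pointer) rather than a real
 * access to the shadow region? The one-page window is a constructed choice. */
int looks_like_kasan_null_deref(uint64_t fault_addr)
{
    uint64_t lo = kasan_shadow_addr(0);
    uint64_t hi = kasan_shadow_addr(4096);
    return fault_addr >= lo && fault_addr < hi;
}

int main(void)
{
    /* Constructed sample: the faulting address from the report, plus the
     * shadow of a direct-map pointer for contrast. */
    uint64_t fault = 0xdffffc0000000000ULL;
    uint64_t direct_map_ptr = 0xffff880000000000ULL;

    printf("fault %#llx -> original %#llx, null-deref? %d\n",
           (unsigned long long)fault,
           (unsigned long long)kasan_original_addr(fault),
           looks_like_kasan_null_deref(fault));
    printf("ptr %#llx -> shadow %#llx, null-deref? %d\n",
           (unsigned long long)direct_map_ptr,
           (unsigned long long)kasan_shadow_addr(direct_map_ptr),
           looks_like_kasan_null_deref(kasan_shadow_addr(direct_map_ptr)));
    return 0;
}
```

Because the shadow offset is added after the shift, a NULL pointer maps exactly to the shadow base, which is why a GPF on 0xdffffc0000000000 (or a few bytes above it) is the KASAN signature of a NULL-pointer field access rather than of a bad shadow mapping.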