The "Code:" line appears to be truncated. There should be 64 bytes in that line. I didn't allow for that properly and so identified the wrong line of code - slightly.

I now think the crash is happening in:

    list_move(&msg->list, &pipe->in_upcall);

The two pointers in msg->list have been loaded into %rsi and %rcx, and both are NULL. I still cannot see how that would happen though.