diff --git a/pkgs/build-support/bintools-wrapper/default.nix b/pkgs/build-support/bintools-wrapper/default.nix
index 2a1fe1344e205..e7fcf173c6026 100644
--- a/pkgs/build-support/bintools-wrapper/default.nix
+++ b/pkgs/build-support/bintools-wrapper/default.nix
@@ -45,6 +45,7 @@
 "relro"
 "stackprotector"
 "strictoverflow"
+ "zerocallusedregs"
 ] ++ lib.optional (with stdenvNoCC;
 # Musl-based platforms will keep "pie", other platforms will not.
 # If you change this, make sure to update section `{#sec-hardening-in-nixpkgs}`
diff --git a/pkgs/development/compilers/llvm/17/default.nix b/pkgs/development/compilers/llvm/17/default.nix
index b4039540badf4..9792d21c2b5c9 100644
--- a/pkgs/development/compilers/llvm/17/default.nix
+++ b/pkgs/development/compilers/llvm/17/default.nix
@@ -126,6 +126,14 @@ in let
 # It's not clear to me why this isn't an issue for LLVM developers running
 # on macOS (nothing about this _seems_ nix specific)..
 ./llvm/lit-shell-script-runner-set-dyld-library-path.patch
+
+ # resolves https://github.com/llvm/llvm-project/issues/75168
+ (fetchpatch {
+ name = "fix-fzero-call-used-regs.patch";
+ url = "https://github.com/llvm/llvm-project/commit/f800c1f3b207e7bcdc8b4c7192928d9a078242a0.patch";
+ stripLen = 1;
+ hash = "sha256-e8YKrMy2rGcSJGC6er2V66cOnAnI+u1/yImkvsRsmg8=";
+ })
 ];
 pollyPatches = [
 ./llvm/gnu-install-dirs-polly.patch
diff --git a/pkgs/top-level/stage.nix b/pkgs/top-level/stage.nix
index 087b43c3cb145..390aa36db03b4 100644
--- a/pkgs/top-level/stage.nix
+++ b/pkgs/top-level/stage.nix
@@ -292,7 +292,6 @@ let
 pkgsExtraHardening = super';
 stdenv = super'.withDefaultHardeningFlags (
 super'.stdenv.cc.defaultHardeningFlags ++ [
- "zerocallusedregs"
 "trivialautovarinit"
 ]
 ) super'.stdenv;
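Review bot: Adding `"zerocallusedregs"` to the default list sends the flag to every wrapped compiler, yet nothing in this hunk shows how toolchains or targets that do not support it are excluded. Please confirm that the wrapper's unsupported-flag filtering (`hardeningUnsupportedFlags`) already covers them; that may live in a file this diff does not show. The context comment appears to ask that the `{#sec-hardening-in-nixpkgs}` manual section track the defaults, so the flag should move to the enabled-by-default list there. A short comment beside the entry would also help, for example `# zerocallusedregs: clears call-used registers on return; needs compiler support`. The list itself starts above the hunk.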
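Review bot: The comment on the new `fetchpatch` names only the upstream issue, so a later maintainer cannot tell that this patch is a prerequisite for enabling `zerocallusedregs` by default and might drop it in an unrelated cleanup. I would extend it to something like `# Needed while "zerocallusedregs" is a default hardening flag; resolves https://github.com/llvm/llvm-project/issues/75168`. The patch is added only to the LLVM 17 expression in this diff; if other packaged LLVM versions accept the flag and share the bug, they need either the same patch or the flag filtered out for them, which is worth confirming. The patch list starts above the hunk.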