Segfault with producing gist #5160

Open
SqrtNegInf opened this issue Jan 17, 2023 · 4 comments
@SqrtNegInf

The Problem

grep can cause a segfault, under very specific conditions. The chance of a problem goes up with the volume of data supplied.

Steps to Reproduce

# with increasing amounts of data, chance of failures goes up
say (   'a'...   'z').grep({ .ords.all.is-prime });  # 100% OK
say (  'aa'...  'gg').grep({ .ords.all.is-prime });  # 100% OK
say (  'aa'...  'zz').grep({ .ords.all.is-prime });  #  44% failure rate
say ( 'aaa'... 'kkk').grep({ .ords.all.is-prime });  #  99%      "
say ( 'aaa'... 'zzz').grep({ .ords.all.is-prime });  # 100%      "

# another way to crash (but replace '2000' with '1910' and it runs OK)
(Date.new('1900-01-01'), *.later(:1month) ... Date.new('2000-12-01')).grep({.day-of-week == 5 and .days-in-month == 31}).say;

All of this code works reliably when either MVM_SPESH_DISABLE or MVM_JIT_DISABLE is in force.

The last version where I do not see this problem is v2022.12-1-gd52342eb0 (just prior to the master -> main switch).

Environment

  • Operating system:
    Seen with macos/Darwin and Ubuntu
  • Compiler version (perl6 -v or raku -v):
    All versions after master -> main switch
@lizmat
Contributor

lizmat commented Jan 17, 2023

$ raku -e 'say ("aa"...  "zz").grep({ .ords.all.is-prime }) for ^7'
zsh: bus error  raku -e 'say ("aa"...  "zz").grep({ .ords.all.is-prime }) for ^7'

crashes reliably for me after the 7th iteration. Mind you, this is on an M1, so no JIT involved here. Same for using note or put.

Confirm the problem doesn't exist if MVM_SPESH_DISABLE=1 is specified.

Oddly enough:

$ raku -e 'my @a = ("aa"...  "zz").grep({ .ords.all.is-prime }) for ^1000'

does NOT crash. Nor does calling any other sub do this.

So after some more investigation, it looks like it is inside Rakudo::Internals.GistList2list_s:

$ raku -e 'sub foo(|) { use nqp; Rakudo::Internals.GistList2list_s(nqp::p6argvmarray) }; foo ("aa"...  "zz").grep({ .ords.all.is-prime }) for ^7'
zsh: bus error  raku -e 

@lizmat
Contributor

lizmat commented Jan 17, 2023

However, Rakudo::Internals::GistList2list_s hasn't been touched since 88d9822 (10 May 2020), so I guess it must be tickling something in the core that was changed since.

lizmat changed the title from "Segfault with grep" to "Segfault with producing gist" on Jan 17, 2023

@dogbert17

dogbert17 commented Jan 17, 2023

Could possibly be related to inlining given that the problem seems to disappear if the program is run with MVM_SPESH_INLINE_DISABLE=1

The code seems to get stuck in some kind of infinite recursion as can be seen below:

dogbert@dogbert-VirtualBox:~/repos/rakudo$ MVM_JIT_DISABLE=1 ./rakudo-gdb-m -e 'sub foo(|) { use nqp; Rakudo::Internals.GistList2list_s(nqp::p6argvmarray) }; foo ("aa"...  "zz").grep({ .ords.all.is-prime }) for ^7'
================================================================================================
This is Rakudo running in the  debugger, which often allows the user to generate useful back-
traces to debug or report issues in Rakudo, the MoarVM backend or the currently running code.

This Rakudo version is 2022.12.996.g.127.fb.0897 built on MoarVM version 2022.12.14.gebefe.2618,
running on linuxmint (20.3.Una) / linux

Type `bt full` to generate a backtrace if applicable, type `q` to quit or `help` for help.
------------------------------------------------------------------------------------------------
Reading symbols from /home/dogbert/repos/rakudo/install/bin/moar...
Starting program: /home/dogbert/repos/rakudo/install/bin/moar --execname=/home/dogbert/repos/rakudo/rakudo-gdb-m --libpath=/home/dogbert/repos/rakudo --libpath=/home/dogbert/repos/rakudo/blib --libpath=/home/dogbert/repos/rakudo/install/share/nqp/lib/ /home/dogbert/repos/rakudo/perl6.moarvm -e sub\ foo\(\|\)\ \{\ use\ nqp\;\ Rakudo::Internals.GistList2list_s\(nqp::p6argvmarray\)\ \}\;\ foo\ \(\"aa\"...\ \ \"zz\"\).grep\(\{\ .ords.all.is-prime\ \}\)\ for\ \^7
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff71e3700 (LWP 169340)]

Thread 2 "spesh optimizer" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff71e3700 (LWP 169340)]
0x00007ffff7931a3d in mi_slice_first (slice=0x0) at 3rdparty/mimalloc/include/mimalloc-internal.h:488
488	static inline mi_slice_t* mi_slice_first(const mi_slice_t* slice) {
(gdb) bt
#0  0x00007ffff7931a3d in mi_slice_first (slice=0x0) at 3rdparty/mimalloc/include/mimalloc-internal.h:488
#1  0x00007ffff7931bea in _mi_segment_page_of (segment=0x20004000000, p=0x20004b354a0) at 3rdparty/mimalloc/include/mimalloc-internal.h:504
#2  0x00007ffff7931cd8 in _mi_ptr_page (p=0x20004b354a0) at 3rdparty/mimalloc/include/mimalloc-internal.h:517
#3  0x00007ffff7946eea in _mi_page_malloc (heap=0x7ffff5bad000, page=0x20004004428, size=28, zero=false) at 3rdparty/mimalloc/src/alloc.c:35
#4  0x00007ffff79472c2 in mi_heap_malloc_small_zero (heap=0x7ffff5bad000, size=20, zero=false) at 3rdparty/mimalloc/src/alloc.c:105
#5  0x00007ffff7947413 in _mi_heap_malloc_zero_ex (heap=0x7ffff5bad000, size=20, zero=false, huge_alignment=0) at 3rdparty/mimalloc/src/alloc.c:130
#6  0x00007ffff7947561 in _mi_heap_malloc_zero (heap=0x7ffff5bad000, size=20, zero=false) at 3rdparty/mimalloc/src/alloc.c:149
#7  0x00007ffff794758f in mi_heap_malloc (heap=0x7ffff5bad000, size=20) at 3rdparty/mimalloc/src/alloc.c:153
#8  0x00007ffff79475b8 in mi_malloc (size=20) at 3rdparty/mimalloc/src/alloc.c:157
#9  0x00007ffff78a7a9b in MVM_malloc (size=20) at src/core/alloc.h:3
#10 0x00007ffff78a8c8e in make_temp_reg (tc=0x20000020880, g=0x20027acd100, kind=8, reuse=1) at src/spesh/manipulate.c:350
#11 0x00007ffff78a8e9a in MVM_spesh_manipulate_get_temp_reg (tc=0x20000020880, g=0x20027acd100, kind=8) at src/spesh/manipulate.c:375
#12 0x00007ffff78d7ee5 in translate_dispatch_program (tc=0x20000020880, g=0x20027acd100, bb=0x20027fd5398, ins=0x20027fd4d10, dp=0x200071db280, next_ins=0x7ffff69e4878) at src/spesh/disp.c:889
#13 0x00007ffff78dc1ff in MVM_spesh_disp_optimize (tc=0x20000020880, g=0x20027acd100, bb=0x20027fd5398, p=0x0, ins=0x20027fd4d10, next_ins=0x7ffff69e4878) at src/spesh/disp.c:1591
#14 0x00007ffff78b9f1d in optimize_bb_switch (tc=0x20000020880, g=0x20027acd100, bb=0x20027fd5398, p=0x0) at src/spesh/optimize.c:2290
#15 0x00007ffff78ba1af in optimize_bb (tc=0x20000020880, g=0x20027acd100, bb=0x20027fd5398, p=0x0) at src/spesh/optimize.c:2379
#16 0x00007ffff78ba1e9 in optimize_bb (tc=0x20000020880, g=0x20027acd100, bb=0x20027fd52d8, p=0x0) at src/spesh/optimize.c:2383
#17 0x00007ffff78bba77 in MVM_spesh_optimize (tc=0x20000020880, g=0x20027acd100, p=0x0) at src/spesh/optimize.c:2817
#18 0x00007ffff78c045b in MVM_spesh_inline_try_get_graph_from_unspecialized (tc=0x20000020880, inliner=0x20027acce80, target_sf=0x20002f2f000, runbytecode_ins=0x20027fce248, 
    cs=0x7ffff7e04c60 <obj_callsite>, args=0x20027fce290, type_tuple=0x20027fce2e0, no_inline_reason=0x7ffff69e4a38, no_inline_info=0x7ffff69e4a40) at src/spesh/inline.c:328
#19 0x00007ffff78b82ba in optimize_runbytecode (tc=0x20000020880, g=0x20027acce80, bb=0x20027fcb550, ins=0x20027fce248, p=0x0) at src/spesh/optimize.c:1610
#20 0x00007ffff78b9f98 in optimize_bb_switch (tc=0x20000020880, g=0x20027acce80, bb=0x20027fcb550, p=0x0) at src/spesh/optimize.c:2312
#21 0x00007ffff78ba1af in optimize_bb (tc=0x20000020880, g=0x20027acce80, bb=0x20027fcb550, p=0x0) at src/spesh/optimize.c:2379
#22 0x00007ffff78ba1e9 in optimize_bb (tc=0x20000020880, g=0x20027acce80, bb=0x20027fcb490, p=0x0) at src/spesh/optimize.c:2383
#23 0x00007ffff78bba77 in MVM_spesh_optimize (tc=0x20000020880, g=0x20027acce80, p=0x0) at src/spesh/optimize.c:2817
#24 0x00007ffff78c045b in MVM_spesh_inline_try_get_graph_from_unspecialized (tc=0x20000020880, inliner=0x20027accc00, target_sf=0x20002f2f700, runbytecode_ins=0x20027fc2eec, 
    cs=0x7ffff7e04c60 <obj_callsite>, args=0x20027fc2f34, type_tuple=0x20027fc2f84, no_inline_reason=0x7ffff69e4ce8, no_inline_info=0x7ffff69e4cf0) at src/spesh/inline.c:328
#25 0x00007ffff78b82ba in optimize_runbytecode (tc=0x20000020880, g=0x20027accc00, bb=0x20027fc1048, ins=0x20027fc2eec, p=0x0) at src/spesh/optimize.c:1610
#26 0x00007ffff78b9f98 in optimize_bb_switch (tc=0x20000020880, g=0x20027accc00, bb=0x20027fc1048, p=0x0) at src/spesh/optimize.c:2312
#27 0x00007ffff78ba1af in optimize_bb (tc=0x20000020880, g=0x20027accc00, bb=0x20027fc1048, p=0x0) at src/spesh/optimize.c:2379
#28 0x00007ffff78bba77 in MVM_spesh_optimize (tc=0x20000020880, g=0x20027accc00, p=0x0) at src/spesh/optimize.c:2817
#29 0x00007ffff78c045b in MVM_spesh_inline_try_get_graph_from_unspecialized (tc=0x20000020880, inliner=0x20027accac0, target_sf=0x20002e6bf00, runbytecode_ins=0x20027fb9c5a, 
    cs=0x7ffff7e04c60 <obj_callsite>, args=0x20027fb9ca2, type_tuple=0x20027fb9cf2, no_inline_reason=0x7ffff69e4f58, no_inline_info=0x7ffff69e4f60) at src/spesh/inline.c:328
#30 0x00007ffff78b82ba in optimize_runbytecode (tc=0x20000020880, g=0x20027accac0, bb=0x20027fb7398, ins=0x20027fb9c5a, p=0x0) at src/spesh/optimize.c:1610
#31 0x00007ffff78b9f98 in optimize_bb_switch (tc=0x20000020880, g=0x20027accac0, bb=0x20027fb7398, p=0x0) at src/spesh/optimize.c:2312
#32 0x00007ffff78ba1af in optimize_bb (tc=0x20000020880, g=0x20027accac0, bb=0x20027fb7398, p=0x0) at src/spesh/optimize.c:2379
#33 0x00007ffff78ba1e9 in optimize_bb (tc=0x20000020880, g=0x20027accac0, bb=0x20027fb72d8, p=0x0) at src/spesh/optimize.c:2383
#34 0x00007ffff78bba77 in MVM_spesh_optimize (tc=0x20000020880, g=0x20027accac0, p=0x0) at src/spesh/optimize.c:2817
#35 0x00007ffff78c045b in MVM_spesh_inline_try_get_graph_from_unspecialized (tc=0x20000020880, inliner=0x20027acc840, target_sf=0x20002f2f000, runbytecode_ins=0x20027fb0248, 
    cs=0x7ffff7e04c60 <obj_callsite>, args=0x20027fb0290, type_tuple=0x20027fb02e0, no_inline_reason=0x7ffff69e5208, no_inline_info=0x7ffff69e5210) at src/spesh/inline.c:328
#36 0x00007ffff78b82ba in optimize_runbytecode (tc=0x20000020880, g=0x20027acc840, bb=0x20027fad550, ins=0x20027fb0248, p=0x0) at src/spesh/optimize.c:1610
#37 0x00007ffff78b9f98 in optimize_bb_switch (tc=0x20000020880, g=0x20027acc840, bb=0x20027fad550, p=0x0) at src/spesh/optimize.c:2312
#38 0x00007ffff78ba1af in optimize_bb (tc=0x20000020880, g=0x20027acc840, bb=0x20027fad550, p=0x0) at src/spesh/optimize.c:2379
#39 0x00007ffff78ba1e9 in optimize_bb (tc=0x20000020880, g=0x20027acc840, bb=0x20027fad490, p=0x0) at src/spesh/optimize.c:2383
#40 0x00007ffff78bba77 in MVM_spesh_optimize (tc=0x20000020880, g=0x20027acc840, p=0x0) at src/spesh/optimize.c:2817
#41 0x00007ffff78c045b in MVM_spesh_inline_try_get_graph_from_unspecialized (tc=0x20000020880, inliner=0x20027acc5c0, target_sf=0x20002f2f700, runbytecode_ins=0x20027fa4eec, 
    cs=0x7ffff7e04c60 <obj_callsite>, args=0x20027fa4f34, type_tuple=0x20027fa4f84, no_inline_reason=0x7ffff69e54b8, no_inline_info=0x7ffff69e54c0) at src/spesh/inline.c:328
#42 0x00007ffff78b82ba in optimize_runbytecode (tc=0x20000020880, g=0x20027acc5c0, bb=0x20027fa3048, ins=0x20027fa4eec, p=0x0) at src/spesh/optimize.c:1610
#43 0x00007ffff78b9f98 in optimize_bb_switch (tc=0x20000020880, g=0x20027acc5c0, bb=0x20027fa3048, p=0x0) at src/spesh/optimize.c:2312
#44 0x00007ffff78ba1af in optimize_bb (tc=0x20000020880, g=0x20027acc5c0, bb=0x20027fa3048, p=0x0) at src/spesh/optimize.c:2379
#45 0x00007ffff78bba77 in MVM_spesh_optimize (tc=0x20000020880, g=0x20027acc5c0, p=0x0) at src/spesh/optimize.c:2817
#46 0x00007ffff78c045b in MVM_spesh_inline_try_get_graph_from_unspecialized (tc=0x20000020880, inliner=0x20027acc480, target_sf=0x20002e6bf00, runbytecode_ins=0x20027f9bc5a, 
--Type <RET> for more, q to quit, c to continue without paging--
    cs=0x7ffff7e04c60 <obj_callsite>, args=0x20027f9bca2, type_tuple=0x20027f9bcf2, no_inline_reason=0x7ffff69e5728, no_inline_info=0x7ffff69e5730) at src/spesh/inline.c:328
#47 0x00007ffff78b82ba in optimize_runbytecode (tc=0x20000020880, g=0x20027acc480, bb=0x20027f99398, ins=0x20027f9bc5a, p=0x0) at src/spesh/optimize.c:1610
#48 0x00007ffff78b9f98 in optimize_bb_switch (tc=0x20000020880, g=0x20027acc480, bb=0x20027f99398, p=0x0) at src/spesh/optimize.c:2312
#49 0x00007ffff78ba1af in optimize_bb (tc=0x20000020880, g=0x20027acc480, bb=0x20027f99398, p=0x0) at src/spesh/optimize.c:2379
#50 0x00007ffff78ba1e9 in optimize_bb (tc=0x20000020880, g=0x20027acc480, bb=0x20027f992d8, p=0x0) at src/spesh/optimize.c:2383
#51 0x00007ffff78bba77 in MVM_spesh_optimize (tc=0x20000020880, g=0x20027acc480, p=0x0) at src/spesh/optimize.c:2817
#52 0x00007ffff78c045b in MVM_spesh_inline_try_get_graph_from_unspecialized (tc=0x20000020880, inliner=0x20027acb800, target_sf=0x20002f2f000, runbytecode_ins=0x20027f92248, 
    cs=0x7ffff7e04c60 <obj_callsite>, args=0x20027f92290, type_tuple=0x20027f922e0, no_inline_reason=0x7ffff69e59d8, no_inline_info=0x7ffff69e59e0) at src/spesh/inline.c:328
#53 0x00007ffff78b82ba in optimize_runbytecode (tc=0x20000020880, g=0x20027acb800, bb=0x20027f8f550, ins=0x20027f92248, p=0x0) at src/spesh/optimize.c:1610
#54 0x00007ffff78b9f98 in optimize_bb_switch (tc=0x20000020880, g=0x20027acb800, bb=0x20027f8f550, p=0x0) at src/spesh/optimize.c:2312
#55 0x00007ffff78ba1af in optimize_bb (tc=0x20000020880, g=0x20027acb800, bb=0x20027f8f550, p=0x0) at src/spesh/optimize.c:2379
#56 0x00007ffff78ba1e9 in optimize_bb (tc=0x20000020880, g=0x20027acb800, bb=0x20027f8f490, p=0x0) at src/spesh/optimize.c:2383
#57 0x00007ffff78bba77 in MVM_spesh_optimize (tc=0x20000020880, g=0x20027acb800, p=0x0) at src/spesh/optimize.c:2817
#58 0x00007ffff78c045b in MVM_spesh_inline_try_get_graph_from_unspecialized (tc=0x20000020880, inliner=0x20027acc340, target_sf=0x20002f2f700, runbytecode_ins=0x20027f86eec, 
    cs=0x7ffff7e04c60 <obj_callsite>, args=0x20027f86f34, type_tuple=0x20027f86f84, no_inline_reason=0x7ffff69e5c88, no_inline_info=0x7ffff69e5c90) at src/spesh/inline.c:328
#59 0x00007ffff78b82ba in optimize_runbytecode (tc=0x20000020880, g=0x20027acc340, bb=0x20027f85048, ins=0x20027f86eec, p=0x0) at src/spesh/optimize.c:1610
#60 0x00007ffff78b9f98 in optimize_bb_switch (tc=0x20000020880, g=0x20027acc340, bb=0x20027f85048, p=0x0) at src/spesh/optimize.c:2312
#61 0x00007ffff78ba1af in optimize_bb (tc=0x20000020880, g=0x20027acc340, bb=0x20027f85048, p=0x0) at src/spesh/optimize.c:2379
#62 0x00007ffff78bba77 in MVM_spesh_optimize (tc=0x20000020880, g=0x20027acc340, p=0x0) at src/spesh/optimize.c:2817
#63 0x00007ffff78c045b in MVM_spesh_inline_try_get_graph_from_unspecialized (tc=0x20000020880, inliner=0x20027acc200, target_sf=0x20002e6bf00, runbytecode_ins=0x20027f7dc5a, 
    cs=0x7ffff7e04c60 <obj_callsite>, args=0x20027f7dca2, type_tuple=0x20027f7dcf2, no_inline_reason=0x7ffff69e5ef8, no_inline_info=0x7ffff69e5f00) at src/spesh/inline.c:328
#64 0x00007ffff78b82ba in optimize_runbytecode (tc=0x20000020880, g=0x20027acc200, bb=0x20027f7b398, ins=0x20027f7dc5a, p=0x0) at src/spesh/optimize.c:1610
#65 0x00007ffff78b9f98 in optimize_bb_switch (tc=0x20000020880, g=0x20027acc200, bb=0x20027f7b398, p=0x0) at src/spesh/optimize.c:2312
#66 0x00007ffff78ba1af in optimize_bb (tc=0x20000020880, g=0x20027acc200, bb=0x20027f7b398, p=0x0) at src/spesh/optimize.c:2379
#67 0x00007ffff78ba1e9 in optimize_bb (tc=0x20000020880, g=0x20027acc200, bb=0x20027f7b2d8, p=0x0) at src/spesh/optimize.c:2383
#68 0x00007ffff78bba77 in MVM_spesh_optimize (tc=0x20000020880, g=0x20027acc200, p=0x0) at src/spesh/optimize.c:2817
#69 0x00007ffff78c045b in MVM_spesh_inline_try_get_graph_from_unspecialized (tc=0x20000020880, inliner=0x20027acbf80, target_sf=0x20002f2f000, runbytecode_ins=0x20027f74248, 
    cs=0x7ffff7e04c60 <obj_callsite>, args=0x20027f74290, type_tuple=0x20027f742e0, no_inline_reason=0x7ffff69e61a8, no_inline_info=0x7ffff69e61b0) at src/spesh/inline.c:328
#70 0x00007ffff78b82ba in optimize_runbytecode (tc=0x20000020880, g=0x20027acbf80, bb=0x20027f71550, ins=0x20027f74248, p=0x0) at src/spesh/optimize.c:1610
#71 0x00007ffff78b9f98 in optimize_bb_switch (tc=0x20000020880, g=0x20027acbf80, bb=0x20027f71550, p=0x0) at src/spesh/optimize.c:2312
#72 0x00007ffff78ba1af in optimize_bb (tc=0x20000020880, g=0x20027acbf80, bb=0x20027f71550, p=0x0) at src/spesh/optimize.c:2379
#73 0x00007ffff78ba1e9 in optimize_bb (tc=0x20000020880, g=0x20027acbf80, bb=0x20027f71490, p=0x0) at src/spesh/optimize.c:2383
#74 0x00007ffff78bba77 in MVM_spesh_optimize (tc=0x20000020880, g=0x20027acbf80, p=0x0) at src/spesh/optimize.c:2817
#75 0x00007ffff78c045b in MVM_spesh_inline_try_get_graph_from_unspecialized (tc=0x20000020880, inliner=0x20027acbd00, target_sf=0x20002f2f700, runbytecode_ins=0x20027f50eec, 
    cs=0x7ffff7e04c60 <obj_callsite>, args=0x20027f50f34, type_tuple=0x20027f50f84, no_inline_reason=0x7ffff69e6458, no_inline_info=0x7ffff69e6460) at src/spesh/inline.c:328
#76 0x00007ffff78b82ba in optimize_runbytecode (tc=0x20000020880, g=0x20027acbd00, bb=0x20027f4f048, ins=0x20027f50eec, p=0x0) at src/spesh/optimize.c:1610
#77 0x00007ffff78b9f98 in optimize_bb_switch (tc=0x20000020880, g=0x20027acbd00, bb=0x20027f4f048, p=0x0) at src/spesh/optimize.c:2312
#78 0x00007ffff78ba1af in optimize_bb (tc=0x20000020880, g=0x20027acbd00, bb=0x20027f4f048, p=0x0) at src/spesh/optimize.c:2379
#79 0x00007ffff78bba77 in MVM_spesh_optimize (tc=0x20000020880, g=0x20027acbd00, p=0x0) at src/spesh/optimize.c:2817
#80 0x00007ffff78c045b in MVM_spesh_inline_try_get_graph_from_unspecialized (tc=0x20000020880, inliner=0x20027acbbc0, target_sf=0x20002e6bf00, runbytecode_ins=0x20027f47c5a, 
    cs=0x7ffff7e04c60 <obj_callsite>, args=0x20027f47ca2, type_tuple=0x20027f47cf2, no_inline_reason=0x7ffff69e66c8, no_inline_info=0x7ffff69e66d0) at src/spesh/inline.c:328
#81 0x00007ffff78b82ba in optimize_runbytecode (tc=0x20000020880, g=0x20027acbbc0, bb=0x20027f45398, ins=0x20027f47c5a, p=0x0) at src/spesh/optimize.c:1610
#82 0x00007ffff78b9f98 in optimize_bb_switch (tc=0x20000020880, g=0x20027acbbc0, bb=0x20027f45398, p=0x0) at src/spesh/optimize.c:2312
#83 0x00007ffff78ba1af in optimize_bb (tc=0x20000020880, g=0x20027acbbc0, bb=0x20027f45398, p=0x0) at src/spesh/optimize.c:2379
#84 0x00007ffff78ba1e9 in optimize_bb (tc=0x20000020880, g=0x20027acbbc0, bb=0x20027f452d8, p=0x0) at src/spesh/optimize.c:2383
#85 0x00007ffff78bba77 in MVM_spesh_optimize (tc=0x20000020880, g=0x20027acbbc0, p=0x0) at src/spesh/optimize.c:2817
#86 0x00007ffff78c045b in MVM_spesh_inline_try_get_graph_from_unspecialized (tc=0x20000020880, inliner=0x20027acb940, target_sf=0x20002f2f000, runbytecode_ins=0x20027f3e248, 
    cs=0x7ffff7e04c60 <obj_callsite>, args=0x20027f3e290, type_tuple=0x20027f3e2e0, no_inline_reason=0x7ffff69e6978, no_inline_info=0x7ffff69e6980) at src/spesh/inline.c:328
#87 0x00007ffff78b82ba in optimize_runbytecode (tc=0x20000020880, g=0x20027acb940, bb=0x20027f3b550, ins=0x20027f3e248, p=0x0) at src/spesh/optimize.c:1610
#88 0x00007ffff78b9f98 in optimize_bb_switch (tc=0x20000020880, g=0x20027acb940, bb=0x20027f3b550, p=0x0) at src/spesh/optimize.c:2312
#89 0x00007ffff78ba1af in optimize_bb (tc=0x20000020880, g=0x20027acb940, bb=0x20027f3b550, p=0x0) at src/spesh/optimize.c:2379
#90 0x00007ffff78ba1e9 in optimize_bb (tc=0x20000020880, g=0x20027acb940, bb=0x20027f3b490, p=0x0) at src/spesh/optimize.c:2383
--Type <RET> for more, q to quit, c to continue without paging--q
Quit
(gdb) l
483	  mi_segment_t* segment = _mi_ptr_segment(page); 
484	  mi_assert_internal(segment == NULL || ((mi_slice_t*)page >= segment->slices && (mi_slice_t*)page < segment->slices + segment->slice_entries));
485	  return segment;
486	}
487	
488	static inline mi_slice_t* mi_slice_first(const mi_slice_t* slice) {
489	  mi_slice_t* start = (mi_slice_t*)((uint8_t*)slice - slice->slice_offset);
490	  mi_assert_internal(start >= _mi_ptr_segment(slice)->slices);
491	  mi_assert_internal(start->slice_offset == 0);
492	  mi_assert_internal(start + start->slice_count > slice);
(gdb) info threads
  Id   Target Id                                            Frame 
  1    Thread 0x7ffff71e5440 (LWP 169336) "moar"            futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x200000100e0) at ../sysdeps/nptl/futex-internal.h:183
* 2    Thread 0x7ffff71e3700 (LWP 169340) "spesh optimizer" 0x00007ffff7931a3d in mi_slice_first (slice=0x0) at 3rdparty/mimalloc/include/mimalloc-internal.h:488
(gdb) f 14
#14 0x00007ffff78b9f1d in optimize_bb_switch (tc=0x20000020880, g=0x20027acd100, bb=0x20027fd5398, p=0x0) at src/spesh/optimize.c:2290
2290	            MVM_spesh_disp_optimize(tc, g, bb, p, ins, &next_ins);
(gdb) l
2285	        case MVM_OP_dispatch_o:
2286	        case MVM_OP_dispatch_n:
2287	        case MVM_OP_dispatch_s:
2288	        case MVM_OP_dispatch_i:
2289	        case MVM_OP_dispatch_u:
2290	            MVM_spesh_disp_optimize(tc, g, bb, p, ins, &next_ins);
2291	            break;
2292	        case MVM_OP_sp_guard:
2293	        case MVM_OP_sp_guardconc:
2294	        case MVM_OP_sp_guardtype:
(gdb) f 13
#13 0x00007ffff78dc1ff in MVM_spesh_disp_optimize (tc=0x20000020880, g=0x20027acd100, bb=0x20027fd5398, p=0x0, ins=0x20027fd4d10, next_ins=0x7ffff69e4878) at src/spesh/disp.c:1591
1591	            if (translate_dispatch_program(tc, g, bb, ins,
(gdb) l
1586	            MVM_spesh_graph_add_comment(tc, g, ins, "Never dispatched");
1587	            break;
1588	        case MVM_INLINE_CACHE_KIND_MONOMORPHIC_DISPATCH:
1589	            /* Monomorphic, so translate the dispatch program if we can. */
1590	            MVM_spesh_graph_add_comment(tc, g, ins, "Monomorphic in the inline cache");
1591	            if (translate_dispatch_program(tc, g, bb, ins,
1592	                ((MVMDispInlineCacheEntryMonomorphicDispatch *)entry)->dp, next_ins)) {
1593	                return 1;
1594	            }
1595	            break;
(gdb) f 12
#12 0x00007ffff78d7ee5 in translate_dispatch_program (tc=0x20000020880, g=0x20027acd100, bb=0x20027fd5398, ins=0x20027fd4d10, dp=0x200071db280, next_ins=0x7ffff69e4878) at src/spesh/disp.c:889
889	                MVMSpeshOperand temp = MVM_spesh_manipulate_get_temp_reg(tc, g, reg_kind);
(gdb) l
884	            case MVMDispOpcodeLoadConstantObjOrStr: {
885	                MVMCollectable *value = dp->gc_constants[op->load.idx];
886	                MVMuint16 reg_kind = REPR(value)->ID == MVM_REPR_ID_MVMString
887	                    ? MVM_reg_str
888	                    : MVM_reg_obj;
889	                MVMSpeshOperand temp = MVM_spesh_manipulate_get_temp_reg(tc, g, reg_kind);
890	                temporaries[op->load.temp] = temp;
891	                MVM_VECTOR_PUSH(allocated_temps, temp);
892	                emit_load_spesh_slot(tc, g, bb, &insert_after, temp, value);
893	                break;
(gdb) f 11
#11 0x00007ffff78a8e9a in MVM_spesh_manipulate_get_temp_reg (tc=0x20000020880, g=0x20027acd100, kind=8) at src/spesh/manipulate.c:375
375	    return make_temp_reg(tc, g, kind, 1);
(gdb) l
370	}
371	
372	/* Gets a temporary register, adding it to the set of registers of the
373	 * frame. */
374	MVMSpeshOperand MVM_spesh_manipulate_get_temp_reg(MVMThreadContext *tc, MVMSpeshGraph *g, MVMuint16 kind) {
375	    return make_temp_reg(tc, g, kind, 1);
376	}
377	
378	/* Releases a temporary register, so it can be used again later. */
379	void MVM_spesh_manipulate_release_temp_reg(MVMThreadContext *tc, MVMSpeshGraph *g, MVMSpeshOperand temp) {
(gdb) f 10
#10 0x00007ffff78a8c8e in make_temp_reg (tc=0x20000020880, g=0x20027acd100, kind=8, reuse=1) at src/spesh/manipulate.c:350
350	        g->local_types = MVM_malloc(local_types_size);
(gdb) l
345	    g->num_temps++;
346	
347	    /* Add locals table entry. */
348	    if (!g->local_types) {
349	        MVMint32 local_types_size = g->num_locals * sizeof(MVMuint16);
350	        g->local_types = MVM_malloc(local_types_size);
351	        memcpy(g->local_types, g->sf->body.local_types, local_types_size);
352	    }
353	    g->local_types = MVM_realloc(g->local_types, (g->num_locals + 1) * sizeof(MVMuint16));
354	    g->local_types[g->num_locals] = kind;
(gdb) 

... the listing is more or less endless

@timo
Member

timo commented Jan 17, 2023

looks like moar infinite-recurses in spesh while trying to inline a function and then it ping pongs back and forth between two different functions
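
Added example (not part of the thread, and not MoarVM or Rakudo code): a Python script that finds the repeating frame pattern in a gdb backtrace like the one above and lists the target_sf values the recursion cycles through. The sample backtrace is constructed: frame names follow the trace above, addresses are placeholders, start_thread/clone stand in for outer frames the thread does not show, and parse_frames, find_cycle and describe_recursion are names chosen for this example.

```python
import re

FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?([\w:~<>]+) \(")
TARGET = re.compile(r"\btarget_sf=(0x[0-9a-f]+)")
PAGER = "--Type <RET> for more, q to quit, c to continue without paging--"


def parse_frames(text):
    """Return [(function, target_sf or None)] from gdb `bt` output, innermost first."""
    frames = []
    for line in text.splitlines():
        if line.startswith("--Type <RET>"):  # pager prompt, not frame data
            continue
        m = FRAME.match(line)
        if m:
            frames.append([m.group(2), None])
        elif not frames:
            continue  # banner text before frame #0
        t = TARGET.search(line)  # argument may sit on a wrapped continuation line
        if t:
            frames[-1][1] = t.group(1)
    return [tuple(f) for f in frames]


def find_cycle(keys, min_repeats=3, max_period=64):
    """Longest periodic run in keys as (start, period, frames_covered), or None."""
    best, n = None, len(keys)
    for period in range(1, min(max_period, n // min_repeats) + 1):
        start = 0
        while start + period < n:
            i = start
            while i + period < n and keys[i] == keys[i + period]:
                i += 1
            covered = i - start + period if i > start else 0
            if covered >= min_repeats * period and (best is None or covered > best[2]):
                best = (start, period, covered)
            start = max(i, start + 1)
    return best


def describe_recursion(text):
    """Summarise the recursion: where it starts, its period, and the inline targets."""
    frames = parse_frames(text)
    cycle = find_cycle(frames)
    if cycle is None:
        return None
    start, period, covered = cycle
    targets = [sf for _, sf in frames[start:start + period] if sf]
    return {"first_frame": start, "period": period,
            "repeats": covered // period, "inline_targets": targets}


def constructed_backtrace(units=9):
    """Constructed sample: names from the trace above, placeholder addresses."""
    unit = ["optimize_bb_switch", "optimize_bb", "MVM_spesh_optimize",
            "MVM_spesh_inline_try_get_graph_from_unspecialized", "optimize_runbytecode"]
    names = ["MVM_malloc", "make_temp_reg", "MVM_spesh_disp_optimize"]
    names += unit * units + ["start_thread", "clone"]  # outer frames are assumed
    targets, out, inlines = ["0xa000", "0xb000", "0xc000"], [], 0
    for n, name in enumerate(names):
        head = f"#{n:<2} 0x00007fff00000000 in {name} (tc=0x1"
        if name.startswith("MVM_spesh_inline"):
            out.append(f"{head}, target_sf={targets[inlines % 3]}, ")
            if n == 21:  # the pager prompt can split a wrapped frame
                out.append(PAGER)
            out.append("    cs=0x2 <obj_callsite>) at src/spesh/inline.c:328")
            inlines += 1
        else:
            out.append(f"{head}) at file.c:1")
    return "\n".join(out)


if __name__ == "__main__":
    print(describe_recursion(constructed_backtrace()))
```

Comparing frames by function name alone reports the shorter call pattern; including target_sf in the key shows how many distinct inline targets take part in one full loop.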

MasterDuke17 added a commit to MasterDuke17/MoarVM that referenced this issue Jan 18, 2023
timo++ noticed at least the JIT mistake while investigating
rakudo/rakudo#5160, but this change does *not*
fix it.