From 28440544ba7fc494ecc822c37750991a101e41cd Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Mon, 20 Sep 2021 14:40:23 +0200
Subject: [PATCH] Don't bail out to interpreter to JLOOP originating from ITERN.

Otherwise forward progress is not guaranteed.
Reported by Yichun Zhang.
---
 src/lj_record.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/lj_record.c b/src/lj_record.c
index e51c98ba..7f7a0b63 100644
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -2765,9 +2765,11 @@ void lj_record_setup(jit_State *J)
 }
 lj_snap_replay(J, T);
 sidecheck:
- if (traceref(J, J->cur.root)->nchild >= J->param[JIT_P_maxside] ||
- T->snap[J->exitno].count >= J->param[JIT_P_hotexit] +
- J->param[JIT_P_tryside]) {
+ if ((traceref(J, J->cur.root)->nchild >= J->param[JIT_P_maxside] ||
+ T->snap[J->exitno].count >= J->param[JIT_P_hotexit] +
+ J->param[JIT_P_tryside]) &&
+ !(bc_op(*J->pc) == BC_JLOOP &&
+ bc_op(traceref(J, bc_d(*J->pc))->startins) == BC_ITERN)) {
 lj_record_stop(J, LJ_TRLINK_INTERP, 0);
 }
 } else { /* Root trace. */
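Review bot: The new `!(bc_op(*J->pc) == BC_JLOOP && ... == BC_ITERN)` clause in the `sidecheck:` condition exempts these exits from both the `JIT_P_maxside` cap and the `JIT_P_hotexit + JIT_P_tryside` cap, and nothing in the hunk shows what bounds side-trace creation for them afterwards. If another limit still applies, state it in a comment above the `if`, e.g. `/* Never fall back to the interpreter at a JLOOP that came from ITERN: no forward progress. Side traces remain bounded by <limit>. */`; if none does, consider keeping a hard cap for this case so a hot ITERN loop cannot keep growing the trace tree. The rationale currently lives only in the commit message, so a later reader of the condition cannot tell why the exemption exists. `lj_record_setup` starts and ends outside the hunk, so this is based on the visible lines only.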