As described here #75996 (comment), I've seen frequent crashes with rc1 on s390x (Mono-based big-endian platform). These were all segmentation faults in SpanHelpers.IndexOfValueType called from various different places, caused by accessing beyond the end of a page into an unmapped page. The symptom disappeared after the SpanHelper changes were reverted on Mono, so I initially thought it was somehow a problem in those changes. However, as it turns out, the real underlying problem is a Mono codegen bug on s390x.
The accesses that span the page boundary turn out to be emitted from the implementation of the OP_CHECK_THIS opcode. This is intended to perform a memory access, just to see if this triggers a segmentation fault if the incoming pointer was invalid. However, the OP_CHECK_THIS implementation currently always emits an 8-byte memory access, potentially resulting in a false positive if the pointer was valid, but only to access less than 8 bytes. This should be fixed by changing OP_CHECK_THIS to only access a single byte. I'll submit a PR to that effect shortly.
This should probably be backported to .NET 7 as well, even though the bug no longer triggers in the runtime itself; it could still be triggered by other code.
FYI @nealef @lambdageek @vargaz @akoeplinger
Also FYI @janani66 - you should look into that on ppc as well, just from code inspection the ppc code appears to have the same bug.
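A reproduction of the failure mode described in this issue, added here as an example; it is not Mono code and not part of the issue thread. It maps two pages, makes the second one PROT_NONE (a constructed layout standing in for the unmapped page), places a valid one-byte object in the last byte of the first page, and then probes that pointer the way a null check would: a one-byte load succeeds, while an 8-byte load of the same valid pointer crosses into the inaccessible page and faults. The function names `access_crosses_page`, `probe_faults` and `check_this_faults` are chosen for this example; the real OP_CHECK_THIS load is emitted by the JIT, which is modelled here with a volatile load in C.

```c
/* Added example: models the OP_CHECK_THIS false positive described above.
 * Not Mono code. The page layout is constructed for the demonstration. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Pure model: does a `width`-byte access starting at `addr` leave the
 * page it starts in? A one-byte access never can. */
static int access_crosses_page(uintptr_t addr, size_t width, size_t page)
{
    return (addr / page) != ((addr + width - 1) / page);
}

static sigjmp_buf probe_env;

static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(probe_env, 1);   /* unwind out of the faulting load */
}

/* Touch `width` bytes at p the way a null-check probe would.
 * Returns 1 if the load raised SIGSEGV/SIGBUS, 0 if it completed. */
static int probe_faults(const unsigned char *p, size_t width)
{
    struct sigaction sa, old_segv, old_bus;
    int faulted = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    if (sigsetjmp(probe_env, 1) == 0) {
        volatile uint64_t sink;
        if (width == 1)
            sink = *(const volatile uint8_t *)p;                 /* fixed probe: 1 byte */
        else
            sink = *(const volatile uint64_t *)(const void *)p;  /* buggy probe: 8 bytes */
        (void)sink;
    } else {
        faulted = 1;   /* reached via siglongjmp from on_fault */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

/* Map two pages, make the second inaccessible, and put a one-byte object
 * in the last byte of the first page. Returns 1 if probing `width` bytes
 * through that (valid) pointer faults, 0 if it succeeds, -1 on setup error. */
static int check_this_faults(size_t width)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    if (mprotect(base + page, page, PROT_NONE) != 0) {
        munmap(base, 2 * page);
        return -1;
    }

    unsigned char *obj = base + page - 1;   /* valid object, exactly 1 byte long */
    *obj = 0x42;

    int faulted = probe_faults(obj, width);
    munmap(base, 2 * page);
    return faulted;
}

int main(void)
{
    printf("1-byte probe through valid pointer faults: %d\n", check_this_faults(1));
    printf("8-byte probe through valid pointer faults: %d\n", check_this_faults(8));
    return 0;
}
```

Build with `gcc -O2 probe.c -o probe` and run it on any Linux host: the 8-byte probe reports a fault even though the pointer is valid, which is exactly the false positive the one-byte fix removes. `access_crosses_page` states the invariant in arithmetic form, which is the property to check when reviewing the equivalent code on ppc.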