This only works in 4.4; earlier versions throw a 'bad substitution' error. It causes an infinite loop of calls between 'expand_prompt_string' and 'decode_prompt_string', where calls to 'xmalloc' exhaust the heap:
$\{_@P};${_@P} I decided to report this because it is not a user-defined recursive function and it exhausts the heap rather than the stack. Here is a call trace that just repeats itself as you go back further (you can see #7 and #0 are the same): #0 decode_prompt_string (string=0x8dca08 "${_@P}") at /usr/homes/chet/src/bash/src/parse.y:5471 #1 0x00000000004cf5e0 in string_transform (xc=<optimized out>, v=0x84ca88, s=0x8dca08 "${_@P}") at subst.c:5127 #2 0x00000000004cc7c5 in parameter_brace_transform (varname=<optimized out>, value=<optimized out>, ind=<optimized out>, xform=<optimized out>, rtype=0, quoted=<optimized out>, flags=<optimized out>) at subst.c:5263 #3 0x00000000004c5a3d in parameter_brace_expand (string=<optimized out>, quoted=<optimized out>, pflags=<optimized out>, contains_dollar_at=<optimized out>, indexp=<optimized out>, quoted_dollar_atp=<optimized out>) at subst.c:8364 #4 param_expand (string=<optimized out>, sindex=<optimized out>, quoted=<optimized out>, expanded_something=<optimized out>, contains_dollar_at=<optimized out>, quoted_dollar_at_p=<optimized out>, had_quoted_null_p=<optimized out>, pflags=<optimized out>) at subst.c:8740 #5 0x00000000004b2640 in expand_word_internal (word=<optimized out>, quoted=<optimized out>, isexp=<optimized out>, contains_dollar_at=<optimized out>, expanded_something=<optimized out>) at subst.c:9301 #6 0x00000000004b16ca in expand_prompt_string (string=0x8dc908 "${_@P}", quoted=1, wflags=<optimized out>) at subst.c:3732 #7 0x0000000000434fe0 in decode_prompt_string (string=<optimized out>) at /usr/homes/chet/src/bash/src/parse.y:5833