CI sporadically fails `due to signal 9 (Killed)`

Recently, I've noted head.hackage CI jobs failing due to some variation of the following error:

$ nix run -f ./ci -c curl -L "$GHC_TARBALL" > ghc.tar.xz
trace: Warning: `stdenv.lib` is deprecated and will be removed in the next release. Please use `lib` instead. For more information see https://github.com/NixOS/nixpkgs/issues/108938
builder for '/nix/store/fv8zgvlrq596axmxwwlv63hxn28185fg-head-hackage-ci-0.1.0.0.drv' failed due to signal 9 (Killed); last 10 log lines:
  setupCompilerEnvironmentPhase
  Build with /nix/store/qabwi7rkqwppxbp575vq7khy6v2vqv81-ghc-8.10.4.
  unpacking sources
  unpacking source archive /nix/store/6cggp66y182f88lcz0kf9mzpba0mx1h9-ci
  source root is ci
  patching sources
  compileBuildDriverPhase
  setupCompileFlags: -package-db=/tmp/nix-build-head-hackage-ci-0.1.0.0.drv-0/setup-package.conf.d -j16 +RTS -A64M -RTS -threaded -rtsopts
  [1 of 1] Compiling Main             ( Setup.hs, /tmp/nix-build-head-hackage-ci-0.1.0.0.drv-0/Main.o )
  Linking Setup ...
cannot build derivation '/nix/store/jj1kfsb60c3zqq2jm7bmablawdjqf7dg-repo.drv': 1 dependencies couldn't be built
error: build of '/nix/store/jj1kfsb60c3zqq2jm7bmablawdjqf7dg-repo.drv' failed

Note that it's not always head-hackage-ci that fails to build. For instance, this one fails when building optparse-applicative, but otherwise the error appears quite similar.

This appears to be somewhat nondeterministic, as it happens on some CI jobs on not on others.

---

FYI: A record of jobs that die with Signal 9 can be explored at https://grafana.gitlab.haskell.org/d/167r9v6nk/ci-spurious-failures?orgId=2&refresh=15m&var-types=signal_9&from=now-14d&to=now -Bryan