segment mangling translation fails to restore spills
This shows up as an assert:
$ bin64/drrun -stress_recreate_state -- suite/tests/bin/common.decode
<...>
Bad instruction, instance 9
<Application /home/bruening/dr/git/build_x64_dbg_tests/suite/tests/bin/common.decode (2246941). Internal Error: DynamoRIO debug check failure: /home/bruening/dr/git/src/core/translate.c:245 walk->reg_spill_offs[r] == UINT_MAX
(Error occurred @2229 frags)
interp: start_pc = 0x00007f6f15105f05
check_thread_vm_area: pc = 0x00007f6f15105f05
prepend_entry_to_fraglist: putting fragment @0x00007f6f15105f05 (shared) on vmarea 0x00007f6f15105000-0x00007f6f15107000
check_thread_vm_area: check_stop = 0x00007f6f15107000
0x00007f6f15105f05 50 push %rax %rsp -> %rsp 0xfffffff8(%rsp)[8byte]
0x00007f6f15105f06 66 8c e0 data16 mov %fs -> %ax
0x00007f6f15105f09 8c 24 24 mov %fs -> (%rsp)[4byte]
0x00007f6f15105f0c 8c e0 mov %fs -> %eax
0x00007f6f15105f0e 48 8c 24 24 mov %fs -> (%rsp)[8byte]
0x00007f6f15105f12 58 pop %rsp (%rsp)[8byte] -> %rax %rsp
0x00007f6f15105f13 48 83 c4 00 add $0x0000000000000000 %rsp -> %rsp
wrote all 6 flags now!
0x00007f6f15105f17 c3 ret %rsp (%rsp)[8byte] -> %rsp
mbr exit target = 0x00007f6ed5117540
end_pc = 0x00007f6f15105f18
hashtable_fragment_add: added 0x00007f6f15105f05 to shared_bb at table[2642]
Fragment 2229, tag 0x00007f6f15105f05, flags 0x1000630, shared, size 111:
0x00007f6ed5190c24 50 push %rax %rsp -> %rsp 0xfffffff8(%rsp)[8byte]
0x00007f6ed5190c25 66 65 a1 78 00 00 00 data16 mov %gs:0x78[2byte] -> %ax
00 00 00 00
0x00007f6ed5190c30 65 48 a3 00 00 00 00 mov %rax -> %gs:0x00[8byte]
00 00 00 00
0x00007f6ed5190c3b 65 0f b7 04 25 78 00 movzx %gs:0x78[2byte] -> %eax
00 00
0x00007f6ed5190c44 89 04 24 mov %eax -> (%rsp)[4byte]
0x00007f6ed5190c47 65 48 a1 00 00 00 00 mov %gs:0x00[8byte] -> %rax
00 00 00 00
0x00007f6ed5190c52 65 0f b7 04 25 78 00 movzx %gs:0x78[2byte] -> %eax
00 00
0x00007f6ed5190c5b 65 48 a3 00 00 00 00 mov %rax -> %gs:0x00[8byte]
00 00 00 00
0x00007f6ed5190c66 65 48 0f b7 04 25 78 movzx %gs:0x78[2byte] -> %rax
00 00 00
0x00007f6ed5190c70 48 89 04 24 mov %rax -> (%rsp)[8byte]
0x00007f6ed5190c74 65 48 a1 00 00 00 00 mov %gs:0x00[8byte] -> %rax
00 00 00 00
0x00007f6ed5190c7f 58 pop %rsp (%rsp)[8byte] -> %rax %rsp
0x00007f6ed5190c80 48 83 c4 00 add $0x0000000000000000 %rsp -> %rsp
0x00007f6ed5190c84 65 48 89 0c 25 10 00 mov %rcx -> %gs:0x10[8byte]
00 00
0x00007f6ed5190c8d 59 pop %rsp (%rsp)[8byte] -> %rcx %rsp
0x00007f6ed5190c8e e9 ad 68 f8 ff jmp $0x00007f6ed5117540 <shared_bb_ibl_ret>
bb ilist after mangling:
TAG 0x00007f6f15105f05
+0 L3 @0x00007f6cd51b9920 50 push %rax %rsp -> %rsp 0xfffffff8(%rsp)[8byte]
+1 L4 @0x00007f6cd51e5a00 66 65 a1 78 00 00 00 data16 mov %gs:0x78[2byte] -> %ax
00 00 00 00
+12 m4 @0x00007f6cd51e6200 65 48 a3 00 00 00 00 mov %rax -> %gs:0x00[8byte]
00 00 00 00
+23 m4 @0x00007f6cd51be8e8 65 0f b7 04 25 78 00 movzx %gs:0x78[2byte] -> %eax
00 00
+32 L4 @0x00007f6cd51bdee8 89 04 24 mov %eax -> (%rsp)[4byte]
+35 m4 @0x00007f6cd51bdc68 65 48 a1 00 00 00 00 mov %gs:0x00[8byte] -> %rax
00 00 00 00
+46 L4 @0x00007f6cd51e68e8 65 0f b7 04 25 78 00 movzx %gs:0x78[2byte] -> %eax
00 00
+55 m4 @0x00007f6cd51bcb58 65 48 a3 00 00 00 00 mov %rax -> %gs:0x00[8byte]
00 00 00 00
+66 m4 @0x00007f6cd51be2e8 65 48 0f b7 04 25 78 movzx %gs:0x78[2byte] -> %rax
00 00 00
+76 L4 @0x00007f6cd51be280 48 89 04 24 mov %rax -> (%rsp)[8byte]
+80 m4 @0x00007f6cd51bc620 65 48 a1 00 00 00 00 mov %gs:0x00[8byte] -> %rax
00 00 00 00
+91 L3 @0x00007f6cd51ba818 58 pop %rsp (%rsp)[8byte] -> %rax %rsp
+92 L3 @0x00007f6cd51b9fd0 48 83 c4 00 add $0x0000000000000000 %rsp -> %rsp
+96 m4 @0x00007f6cd51bd270 65 48 89 0c 25 10 00 mov %rcx -> %gs:0x10[8byte]
00 00
+105 m4 @0x00007f6cd51babb8 59 pop %rsp (%rsp)[8byte] -> %rcx %rsp
+106 L4 @0x00007f6cd51ba750 e9 eb 2a f6 ff jmp $0x00007f6ed5117540 <shared_bb_ibl_ret>
END 0x00007f6f15105f05
recreate_app : looking for 0x00007f6ed5190c44 in frag @ 0x00007f6ed5190c24 (tag 0x00007f6f15105f05)
ok instr: push %rax %rsp -> %rsp 0xfffffff8(%rsp)[8byte]
ok instr: data16 mov %gs:0x78[2byte] -> %ax
ok instr: mov %rax -> %gs:0x00[8byte]
translate_walk_track_post_instr: entering mangle region xl8=0x00007f6f15105f09
spill update: spill tls rax offs=0
ok instr: movzx %gs:0x78[2byte] -> %eax
unsupported mangle instr: movzx %gs:0x78[2byte] -> %eax
translate_walk_track_pre_instr: from one mangle region to another
SYSLOG_ERROR: Application /home/bruening/dr/git/build_x64_dbg_tests/suite/tests/bin/common.decode (2254606). Internal Error: DynamoRIO debug check failure: /home/bruening/dr/git/src/core/translate.c:245 walk->reg_spill_offs[r] == UINT_MAX
Action items:
- Add movzx to the list of known mangle instrs.
- rip-rel mangling marks the modified app instr as our-mangling, yet the %fs-read mangling here does not. Thus we end one mangle region and move to another, clearing all the state and expecting the spills to already be restored.
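To make the failure mode concrete, here is an added, constructed model of the translation walk over the first spill/restore group of the fragment above. It is illustrative code, not DynamoRIO's translate.c: the instruction list is transcribed from the "bb ilist after mangling" dump, while the field names, the single-bit "our mangling" marking, and the TLS slot offsets are assumptions of the model. It walks the fragment once as reported (the modified app instr `mov %eax -> (%rsp)` unmarked) and once with that instr marked as our-mangling, and shows why the unmarked version trips the `reg_spill_offs[r] == UINT_MAX` check while the marked version yields the app pc plus the TLS slot rax must be reloaded from.

```c
/* Constructed, simplified model of a translation walk over a mangled fragment.
 * Not DynamoRIO code; the flag semantics and slot offsets are assumptions. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define NUM_REGS 2               /* the model tracks only rax and rcx */
#define REG_RAX 0
#define REG_RCX 1
#define NO_REG (-1)
#define NO_SPILL UINT_MAX        /* same sentinel the assert in the report compares against */
#define FRAG_LEN 7

typedef struct {
    const char *text;            /* disassembly, for tracing */
    unsigned long long xl8;      /* app pc this instr translates to */
    bool our_mangling;           /* inserted or modified by the mangler? (model's assumption) */
    int spill_reg;               /* register saved to TLS by this instr, else NO_REG */
    unsigned spill_offs;         /* TLS slot offset for spill_reg */
    int restore_reg;             /* register reloaded from TLS by this instr, else NO_REG */
} minstr_t;

typedef struct {
    unsigned reg_spill_offs[NUM_REGS];  /* TLS offset per spilled reg, or NO_SPILL */
    bool in_region;
} walk_t;

static void clear_spills(walk_t *w) {
    for (int r = 0; r < NUM_REGS; r++)
        w->reg_spill_offs[r] = NO_SPILL;
}

/* Leaving a mangle region: every spill must have been matched by a restore.
 * Models the check at translate.c:245 (walk->reg_spill_offs[r] == UINT_MAX). */
static bool spills_restored(const walk_t *w) {
    for (int r = 0; r < NUM_REGS; r++)
        if (w->reg_spill_offs[r] != NO_SPILL)
            return false;
    return true;
}

/* Walks instrs[0..target], reporting the app pc for the target and the TLS slot
 * each register must be reloaded from. Returns the index at which a region was
 * closed with an outstanding spill (the assert in the report), or -1 when clean. */
static int translate_walk(const minstr_t *instrs, int n, int target,
                          unsigned long long *app_pc, unsigned reload[NUM_REGS]) {
    walk_t w = { .in_region = false };
    clear_spills(&w);
    for (int i = 0; i <= target && i < n; i++) {
        const minstr_t *in = &instrs[i];
        /* pre-instr: an unmarked app instr ends the current region and clears
         * the state, so any spill that was not restored yet is simply lost */
        if (w.in_region && !in->our_mangling) {
            if (!spills_restored(&w))
                return i;
            w.in_region = false;
            clear_spills(&w);
        }
        if (!w.in_region && in->our_mangling)
            w.in_region = true;
        if (i == target)
            break;
        /* post-instr: record spills and restores ("spill update" in the log) */
        if (in->spill_reg != NO_REG)
            w.reg_spill_offs[in->spill_reg] = in->spill_offs;
        if (in->restore_reg != NO_REG)
            w.reg_spill_offs[in->restore_reg] = NO_SPILL;
    }
    *app_pc = instrs[target].xl8;
    for (int r = 0; r < NUM_REGS; r++)
        reload[r] = w.reg_spill_offs[r];
    return -1;
}

/* First spill/restore group of the fragment in the report. Index 4 is the
 * modified app instr; mark_modified selects whether it carries our-mangling. */
static const minstr_t *fragment(bool mark_modified) {
    static minstr_t frag[FRAG_LEN] = {
        { "push %rax",                  0x7f6f15105f05ULL, false, NO_REG,  0, NO_REG  },
        { "data16 mov %gs:0x78 -> %ax", 0x7f6f15105f06ULL, false, NO_REG,  0, NO_REG  },
        { "mov %rax -> %gs:0x00",       0x7f6f15105f09ULL, true,  REG_RAX, 0, NO_REG  },
        { "movzx %gs:0x78 -> %eax",     0x7f6f15105f09ULL, true,  NO_REG,  0, NO_REG  },
        { "mov %eax -> (%rsp)",         0x7f6f15105f09ULL, false, NO_REG,  0, NO_REG  },
        { "mov %gs:0x00 -> %rax",       0x7f6f15105f09ULL, true,  NO_REG,  0, REG_RAX },
        { "movzx %gs:0x78 -> %eax",     0x7f6f15105f0cULL, false, NO_REG,  0, NO_REG  },
    };
    frag[4].our_mangling = mark_modified;
    return frag;
}

static int walk_target(bool fixed, int target,
                       unsigned long long *app_pc, unsigned reload[NUM_REGS]) {
    return translate_walk(fragment(fixed), FRAG_LEN, target, app_pc, reload);
}

int main(void) {
    for (int fixed = 0; fixed < 2; fixed++) {
        unsigned long long pc;
        unsigned reload[NUM_REGS];
        int bad = walk_target(fixed != 0, 4, &pc, reload);
        if (bad >= 0)
            printf("%s: region closed at instr %d (%s) with rax still spilled\n",
                   fixed ? "fixed" : "as reported", bad, fragment(fixed != 0)[bad].text);
        else
            printf("%s: app pc 0x%llx, reload rax from TLS slot %u\n",
                   fixed ? "fixed" : "as reported", pc, reload[REG_RAX]);
    }
    return 0;
}
```

The walk in the unmarked case fails at index 4, the same `mov %eax -> (%rsp)` that recreate_app was looking for in the log; with the instr marked, the spill record survives to the target and tells state recreation that rax lives in TLS slot 0, which is the "restore spills" step the title refers to.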