backend: clobber MetaEntry-s in dealloc_chunk

Otherwise these won't get updated until the small buddy allocator hands them off
to the large buddy allocator (when they morph into being rbtree nodes) and so
the frontend might get confused in the interim (including risk of UAF on
double-free).

Author: nwf-msr

src/backend/backend.h

@@ -305,11 +305,18 @@ namespace snmalloc
     {
       auto chunk = chunk_record->meta_common.chunk;
 
+      /*
+       * The backend takes possession of these chunks now, by disassociating
+       * any existing remote allocator and metadata structure.  If
+       * interrogated, the sizeclass reported by the MetaEntry is 0, which has
+       * size 0.
+       */
+      MetaEntry t(nullptr, MetaEntry::REMOTE_BACKEND_MARKER);
+      Pagemap::set_metaentry(address_cast(chunk), size, t);
+
       local_state.get_meta_range()->dealloc_range(
         capptr::Chunk<void>(chunk_record), PAGEMAP_METADATA_STRUCT_SIZE);
 
-      // TODO, should we set the sizeclass to something specific here?
-
       local_state.object_range->dealloc_range(chunk, size);
     }