frame::safe_for_sender might dereference an unchecked address. This might occur if the frame has stack slots with broken values for the return address, sender stack pointer, or link address. This might happen with AsyncGetCallTrace in a signal handler when the thread is interrupted while the frame is not yet properly constructed.