======

And it turns out the JITed code overwrites native stack position at trace head. It can be walked around by set SPS_FIXED to 0.

The JITed code is doing register spill and assuming there is "2 fixed spill slots" (defined by SPS_FIXED). But there seems no "fixed spill slots" in arm64 interpreter implementation. Is it true? Could anyone provide some info of aarch64 frame layout?

Any input will help! Thanks.