diff --git a/Source/JavaScriptCore/jit/JITPropertyAccess.cpp b/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
index 5ae8f2c732f7f..5d6b2e1f0421b 100644
--- a/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
+++ b/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
@@ -1273,6 +1273,7 @@ void JIT::emit_op_in_by_id(const JSInstruction* currentInstruction)
 addSlowCase();
 m_inByIds.append(gen);
+ resetSP(); // We might OSR exit here, so we need to conservatively reset SP
 setFastPathResumePoint();
 emitPutVirtualRegister(resultVReg, resultJSR);
 }
@@ -1333,6 +1334,7 @@ void JIT::emit_op_in_by_val(const JSInstruction* currentInstruction)
 addSlowCase();
 m_inByVals.append(gen);
+ resetSP(); // We might OSR exit here, so we need to conservatively reset SP
 setFastPathResumePoint();
 emitPutVirtualRegister(dst, resultJSR);
 }
@@ -1385,6 +1387,7 @@ void JIT::emitHasPrivate(VirtualRegister dst, VirtualRegister base, VirtualRegis
 addSlowCase();
 m_inByVals.append(gen);
+ resetSP(); // We might OSR exit here, so we need to conservatively reset SP
 setFastPathResumePoint();
 emitPutVirtualRegister(dst, resultJSR);
 }
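Review bot: The `resetSP()` added before `setFastPathResumePoint()` in `emit_op_in_by_id` is repeated by hand, with an identical comment, in `emit_op_in_by_val` and `emitHasPrivate`, so the stack-pointer invariant is maintained per call site and a later emitter with the same fast-path shape can omit it without any visible failure. The comment says an OSR exit may happen here but not what can leave SP away from its expected value beforehand; naming that, for example `// <what adjusts SP on the fast path> may leave SP off the frame's canonical value; reset before any point that can OSR exit`, would tell a reader when the reset is required. Only the tail of each function is inside these hunks, so the code that generates the fast path is not visible; if it is shared between the three ops, emitting the reset there (or asserting the expected SP at the resume point in debug builds) would enforce the invariant in one place. No regression test is visible in this part of the patch.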