Stack adjustment should be based on `p->upper`; fix #3857

It used to be based on `ci->proc` but the callinfo position may be
wrong when `ecall()` is called during stack rewinding from `OP_RETURN`.

src/vm.c

@@ -309,7 +309,6 @@ static void
 ecall(mrb_state *mrb)
 {
   struct RProc *p;
-  int nregs;
   struct mrb_context *c = mrb->c;
   mrb_callinfo *ci = c->ci;
   struct RObject *exc;
@@ -325,7 +324,6 @@ ecall(mrb_state *mrb)
   p = c->ensure[i];
   if (!p) return;
   mrb_assert(!MRB_PROC_CFUNC_P(p));
-  nregs = ci->proc->body.irep->nregs;
   c->ensure[i] = NULL;
   cioff = ci - c->cibase;
   ci = cipush(mrb);
@@ -338,7 +336,7 @@ ecall(mrb_state *mrb)
   ci->target_class = MRB_PROC_TARGET_CLASS(p);
   env = MRB_PROC_ENV(p);
   mrb_assert(env);
-  c->stack += nregs;
+  c->stack += p->upper->body.irep->nregs;
   exc = mrb->exc; mrb->exc = 0;
   if (exc) {
     mrb_gc_protect(mrb, mrb_obj_value(exc));