ERROR: Error during SonarScanner execution java.lang.StackOverflowError

When I try to run the sonar scanner on a PHP project, the scan fails with an error java.lang.StackOverflowError.

  • SonarScanner 4.3.0.2102
  • Log from scanner:
INFO: 08:31:57.256 Building Type propagation graph
INFO: 08:31:57.262 Running Tarjan on 3564 nodes
INFO: 08:31:57.265 Tarjan found 3564 components
INFO: 08:31:57.273 Variable type analysis: done
INFO: 08:31:57.274 Building Type propagation graph
INFO: 08:31:57.279 Running Tarjan on 3552 nodes
INFO: 08:31:57.281 Tarjan found 3552 components
INFO: 08:31:57.286 Variable type analysis: done
INFO: Analyzing 1595 ucfgs to detect vulnerabilities.
INFO: All rules entrypoints : 0 Retained UCFGs : 0
INFO: rule: S5334, entrypoints: 0
INFO: rule: S5334 done
INFO: rule: S5135, entrypoints: 0
INFO: rule: S5135 done
INFO: rule: S3649, entrypoints: 0
INFO: rule: S3649 done
INFO: rule: S5146, entrypoints: 0
INFO: rule: S5146 done
INFO: rule: S2083, entrypoints: 0
INFO: rule: S2083 done
INFO: rule: S2091, entrypoints: 0
INFO: rule: S2091 done
INFO: rule: S2078, entrypoints: 0
INFO: rule: S2078 done
INFO: rule: S5145, entrypoints: 0
INFO: rule: S5145 done
INFO: rule: S5167, entrypoints: 0
INFO: rule: S5167 done
INFO: rule: S5144, entrypoints: 0
INFO: rule: S5144 done
INFO: rule: S2076, entrypoints: 0
INFO: rule: S2076 done
INFO: rule: S5131, entrypoints: 0
INFO: rule: S5131 done
INFO: rule: S2631, entrypoints: 0
INFO: rule: S2631 done
INFO: Sensor PythonSecuritySensor [security] (done) | time=262ms
INFO: Sensor JsSecuritySensor [security]
INFO: Reading type hierarchy from: ...
INFO: Read 0 type definitions
INFO: Reading UCFGs from: ...
INFO: 08:31:58.335 Building Type propagation graph
INFO: 08:31:58.52 Running Tarjan on 28808 nodes
INFO: 08:31:58.542 Tarjan found 28796 components
INFO: 08:31:58.57 Variable type analysis: done
INFO: 08:31:58.57 Building Type propagation graph
INFO: 08:31:58.799 Running Tarjan on 28808 nodes
INFO: 08:31:58.816 Tarjan found 28796 components
INFO: 08:31:58.848 Variable type analysis: done
INFO: Analyzing 4408 ucfgs to detect vulnerabilities.
INFO: rule: S3649, entrypoints: 262
INFO: Running symbolic analysis
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 2:57.756s
INFO: Final Memory: 137M/1740M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
java.lang.StackOverflowError
	at java.util.Comparator.lambda$comparingLong$6043328a$1(Comparator.java:511)
	at java.util.Comparator.lambda$thenComparing$36697e65$1(Comparator.java:216)
	at java.util.TimSort.countRunAndMakeAscending(TimSort.java:355)
	at java.util.TimSort.sort(TimSort.java:220)
	at java.util.Arrays.sort(Arrays.java:1512)
	at java.util.ArrayList.sort(ArrayList.java:1462)
	at com.sonar.security.analysis.D.A.K.B(na:1880)
	at com.sonar.security.analysis.D.A.K.A(na:530)
	at com.sonar.security.analysis.D.A.K.C(na:793)
	at com.sonar.security.analysis.D.C.I.B(na:1433)
	at com.sonar.security.analysis.D.C.I.A(na:1816)
	at com.sonar.security.analysis.D.A.K.A(na:567)
	at com.sonar.security.analysis.D.C.C.A(na:3057)
	at com.sonar.security.analysis.D.C.C.A(na:2669)
	at com.sonar.security.analysis.D.C.F.A(na:2260)
	at com.sonar.security.analysis.D.A.K.A(na:567)
	at com.sonar.security.analysis.D.A.T.B(na:1337)
	at com.sonar.security.analysis.D.C.G.B(na:713)
	at com.sonar.security.analysis.D.C.G.A(na:1183)
	at com.sonar.security.analysis.D.A.T.A(na:1619)
	at com.sonar.security.analysis.D.C.A(na:28)
	at com.sonar.security.analysis.D.C.A(na:487)
	at com.sonar.security.analysis.D.C.A(na:2184)
	at com.sonar.security.analysis.D.C.B(na:3216)
	at java.lang.Iterable.forEach(Iterable.java:75)
	at com.sonar.security.analysis.D.C.A(na:3216)
	at com.sonar.security.analysis.D.C.A(na:1802)
	at com.sonar.security.analysis.D.C.A(na:2407)
	at com.sonar.security.analysis.D.C.A(na:3056)
	...
	at com.sonar.security.analysis.D.C.A(na:3056)
ERROR: 
ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.
WARN: Unable to locate 'report-task.txt' in the workspace. Did the SonarScanner succeed?
ERROR: SonarQube scanner exited with non-zero code: 1
[Checks API] No suitable checks publisher found.
Finished: FAILURE
  • This occurs every time I try to scan the project.
  • I am using SonarCloud:
    • ALM used: Bitbucket
    • CI System: Jenkins

Hello, @kyleengler. Could you please tell me if you are using your own CI pipeline or whether this is an open source project on SonarCloud?

This is not for an open source project. It is hosted on Bitbucket, and I am using Jenkins to run the scan.

It seems that you have access to the build server, then. Would it be possible for you to provide me with the contents of the .sonarqube folder (you should have a folder starting with “.sonar” in the root folder of your project on your build server)? I can DM you, so that you can share those files with me securely. Let me know if that works for you.

Yes that works for me. I can send you the files from the build server.

Hello @kyleengler,

Thank you for reporting this and helping us find the root cause of the issue!
While we are investigating it in more detail and preparing a fix, I suggest you disable rule S3649 from your JavaScript quality profile; this should prevent the analysis from failing in the meantime.
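An added example, not part of the original thread and not Sonar tooling: a small triage script that reads a scanner log like the one above and reports which security rule had started but not logged "done" when the run failed. The line shapes it matches are assumed from the log lines quoted on this page only, and `find_inflight_rule` and `SAMPLE_LOG` are hypothetical names.

```python
import re

# Constructed sample: a shortened excerpt of the scanner log quoted in this thread.
SAMPLE_LOG = """\
INFO: rule: S2631, entrypoints: 0
INFO: rule: S2631 done
INFO: Sensor PythonSecuritySensor [security] (done) | time=262ms
INFO: Sensor JsSecuritySensor [security]
INFO: Analyzing 4408 ucfgs to detect vulnerabilities.
INFO: rule: S3649, entrypoints: 262
INFO: Running symbolic analysis
INFO: EXECUTION FAILURE
ERROR: Error during SonarScanner execution
java.lang.StackOverflowError
\tat java.util.TimSort.sort(TimSort.java:220)
"""

# Patterns assumed from the log lines shown on this page.
SENSOR_DONE = re.compile(r"^INFO: Sensor (.+?)(?: \[[^\]]*\])? \(done\)")
SENSOR_START = re.compile(r"^INFO: Sensor (.+?)(?: \[[^\]]*\])?$")
RULE_START = re.compile(r"^INFO: rule: (S\d+), entrypoints: (\d+)$")
RULE_DONE = re.compile(r"^INFO: rule: (S\d+) done$")
EXCEPTION = re.compile(r"^((?:[a-z_]\w*\.)+[A-Z]\w*(?:Error|Exception))\b")

def find_inflight_rule(log_text):
    """Return the sensor/rule still running at EXECUTION FAILURE, or None."""
    sensor = rule = entrypoints = exception = None
    failed = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if SENSOR_DONE.match(line):        # sensor finished: nothing in flight
            sensor = rule = entrypoints = None
        elif (m := SENSOR_START.match(line)):
            sensor, rule, entrypoints = m.group(1), None, None
        elif (m := RULE_START.match(line)):
            rule, entrypoints = m.group(1), int(m.group(2))
        elif (m := RULE_DONE.match(line)) and m.group(1) == rule:
            rule = entrypoints = None      # rule completed cleanly
        elif "EXECUTION FAILURE" in line:
            failed = True
        elif failed and exception is None and (m := EXCEPTION.match(line)):
            exception = m.group(1)         # first exception class after the failure
    if not failed:
        return None
    return {"sensor": sensor, "rule": rule,
            "entrypoints": entrypoints, "exception": exception}

if __name__ == "__main__":
    print(find_inflight_rule(SAMPLE_LOG))
```
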