Fix printing backtrace during generator closing

Fixes GH-15851

Author: iluuu1994

Zend/tests/generators/gh15851.phpt

@@ -0,0 +1,27 @@
+--TEST--
+GH-15851: Access on NULL when printing backtrace with freed generator
+--FILE--
+<?php
+
+class Foo {
+    public function __destruct() {
+        debug_print_backtrace();
+    }
+}
+
+function bar() {
+    yield from foo();
+}
+
+function foo() {
+    $foo = new Foo();
+    yield;
+}
+
+$gen = bar();
+foreach ($gen as $dummy);
+
+?>
+--EXPECTF--
+#0 %s(%d): Foo->__destruct()
+#1 %s(%d): bar()

Zend/zend_builtin_functions.c

@@ -1725,6 +1725,16 @@ ZEND_API void zend_fetch_debug_backtrace(zval *return_value, int skip_last, int
 	}
 
 	while (call && (limit == 0 || frameno < limit)) {
+		if (UNEXPECTED(!call->func)) {
+			/* This is the fake frame inserted for nested generators. Normally,
+			 * this frame is preceded by the actual generator frame and then
+			 * replaced by zend_generator_check_placeholder_frame() below.
+			 * However, the frame is popped before cleaning the stack frame,
+			 * which is observable by destructors. */
+			call = zend_generator_check_placeholder_frame(call);
+			ZEND_ASSERT(call->func);
+		}
+
 		zend_execute_data *prev = call->prev_execute_data;
 
 		if (!prev) {