picatz / taint

🚰 Static taint analysis for Go programs.
https://picatz.github.io/#blog/taint
Mozilla Public License 2.0

Panic when building call graph for some programs #13

Closed picatz closed 10 months ago

picatz commented 10 months ago
    > load syzkaller
    panic: runtime error: invalid memory address or nil pointer dereference
    [signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x104605f54]

    goroutine 1 [running]:
    go/types.(*Package).Path(...)
            /opt/homebrew/Cellar/go/1.21.4/libexec/src/go/types/package.go:33
    github.com/picatz/taint/callgraph.checkBlockInstruction(0x140477b5c80?, 0x14064eb16c8?, 0x1403798ab40, 0x14047a65b00, {0x1046f4d10?, 0x1404a749600})
            /Users/picat/Documents/GitHub/taint/callgraph/callgraph.go:135 +0xe4
    github.com/picatz/taint/callgraph.New(0x140477b5c80, {0x1402fe8e800, 0x5ca, 0xd?})
            /Users/picat/Documents/GitHub/taint/callgraph/callgraph.go:42 +0x310
    main.glob..func2({0x1046f44d8, 0x1400006b4f0}, 0x14000121d98?, {0x1400005e3b0?, 0x14000110540?, 0x0?}, 0x14000121df8?)
            /Users/picat/Documents/GitHub/taint/cmd/taint/main.go:363 +0x584
    main.commands.eval({0x104874ac0, 0x8, 0x8}, {0x1046f44d8, 0x1400006b4f0}, 0x14000022300, {0x140000183f0?, 0x10461387b?})
            /Users/picat/Documents/GitHub/taint/cmd/taint/main.go:242 +0x318
    main.startShell({0x1046f44d8, 0x1400006b4f0})
            /Users/picat/Documents/GitHub/taint/cmd/taint/main.go:708 +0x2f8
    main.main()
            /Users/picat/Documents/GitHub/taint/cmd/taint/main.go:741 +0x30

https://github.com/picatz/taint/blob/5d93683df8f992ef11dc052f2d2c53337a69c8b3/callgraph/callgraph.go#L135

☝️ This is an overly optimistic selector expression for the instruction call method's package path. This should be avoided, even if it makes it a bit more verbose, by performing proper nil checks. This means we'll likely need to handle resolving the *ssa.Function for this case; I'm assuming this is a builtin function.

picatz commented 10 months ago
    func (*types.object).Pkg() *types.Package

Pkg returns the package to which the object belongs. The result is nil for labels and objects in the Universe scope.

The Universe scope contains all predeclared objects of Go. It is the outermost scope of any chain of nested scopes. https://go.dev/src/go/types/universe.go

picatz commented 10 months ago

Tracked down the source of the issue:

    } else if err != nil {
        panic("error while scanning from memory: " + err.Error())
    }

Specifically, this interface method call:

    err.Error()

https://github.com/google/syzkaller/blob/fb427a0782000106c62de76d251e5a02de5406a9/pkg/email/patch.go#L44
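The thread above identifies the cause as `(*types.Package).Path` being called through a selector chain that assumes every callee has a package, while `Object.Pkg()` is nil for the Universe-scope method `error.Error`. The following is an added example, not code from this issue, from the taint project or from syzkaller. It type-checks a constructed snippet with the standard `go/types` package (no `golang.org/x/tools`), resolves the callee of a method call through a user-declared method and of one through the predeclared `error` interface, shows that the unguarded `obj.Pkg().Path()` panics exactly for the latter, and pairs it with a nil-safe `pkgPath` helper. The package name `p`, the `scanner` type and the helper names are assumptions made for the example.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
)

// src is a constructed snippet (not syzkaller's code) that mirrors the two
// kinds of method call a call-graph builder meets: one through a method
// declared in the package being analysed, and one through the predeclared
// error interface, whose Error method lives in the Universe scope.
const src = `package p

type scanner struct{}

func (scanner) Scan() error { return nil }

func g(s scanner) error { return s.Scan() }

func f(err error) string {
	if err != nil {
		return "error while scanning from memory: " + err.Error()
	}
	return ""
}
`

// pkgPath is the nil-safe counterpart of a bare obj.Pkg().Path(). Object.Pkg
// returns nil for labels and for objects in the Universe scope, so a selector
// chain that assumes a package dereferences nil for error.Error.
func pkgPath(obj types.Object) string {
	if obj == nil || obj.Pkg() == nil {
		return ""
	}
	return obj.Pkg().Path()
}

// panicsOnNilPkg reports whether the unguarded obj.Pkg().Path() panics for obj.
func panicsOnNilPkg(obj types.Object) (panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	_ = obj.Pkg().Path()
	return false
}

// methodCallees type-checks src and returns, keyed by method name, the object
// each method call resolves to: the callee a call-graph builder would see.
func methodCallees() (map[string]types.Object, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "p.go", src, 0)
	if err != nil {
		return nil, err
	}
	info := &types.Info{Selections: map[*ast.SelectorExpr]*types.Selection{}}
	conf := types.Config{} // src imports nothing, so no Importer is required
	if _, err := conf.Check("p", fset, []*ast.File{file}, info); err != nil {
		return nil, err
	}
	callees := map[string]types.Object{}
	ast.Inspect(file, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok {
			return true
		}
		if sel, ok := call.Fun.(*ast.SelectorExpr); ok {
			if s := info.Selections[sel]; s != nil && s.Kind() == types.MethodVal {
				callees[s.Obj().Name()] = s.Obj()
			}
		}
		return true
	})
	return callees, nil
}

func main() {
	callees, err := methodCallees()
	if err != nil {
		panic(err)
	}
	for _, name := range []string{"Scan", "Error"} {
		obj := callees[name]
		fmt.Printf("%s: Pkg()==nil=%v unguarded panics=%v guarded path=%q\n",
			name, obj.Pkg() == nil, panicsOnNilPkg(obj), pkgPath(obj))
	}
}
```

`scanner.Scan` resolves to a `*types.Func` owned by package `p`, so both forms agree; `error.Error` resolves to the Universe-scope method with a nil `Pkg()`, which is the case the selector chain at callgraph.go:135 did not guard. A call-graph builder that needs a package path for every callee has to treat the empty result as "predeclared" rather than dereference through it.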