> diff --git a/tools/testing/selftests/bpf/prog_tests/memcg_ops.c
> b/tools/testing/selftests/bpf/prog_tests/memcg_ops.c
> index a019ba2387bc..08ac97752ac9 100644
> --- a/tools/testing/selftests/bpf/prog_tests/memcg_ops.c
> +++ b/tools/testing/selftests/bpf/prog_tests/memcg_ops.c
> @@ -539,3 +539,73 @@ void test_memcg_ops_below_min_over_high(void)
[ ... ]
> +void test_memcg_ops_hierarchies(void)
> +{
> + int ret, first = -1, second = -1, third = -1;
> + struct memcg_ops *skel;
^^^^
Should skel be initialized to NULL here? The other tests in this file
(test_memcg_ops_over_high, test_memcg_ops_below_low_over_high, and
test_memcg_ops_below_min_over_high) all initialize their skeleton pointers
to NULL.
If any of the early checks fail (e.g. setup_cgroup_environment() or
create_and_get_cgroup()), the code jumps to cleanup where memcg_ops__detach()
is called. The skeleton __detach() function dereferences its argument without
checking for NULL, which would cause a crash with an uninitialized pointer.
> + struct bpf_map *map;
> + struct bpf_link *link1 = NULL, *link2 = NULL, *link3 = NULL;
> + DECLARE_LIBBPF_OPTS(bpf_struct_ops_opts, opts);
> +
> + ret = setup_cgroup_environment();
> + if (!ASSERT_OK(ret, "setup_cgroup_environment"))
> + goto cleanup;
[ ... ]
> +cleanup:
> + bpf_link__destroy(link1);
> + bpf_link__destroy(link2);
> + bpf_link__destroy(link3);
> + memcg_ops__detach(skel);
^^^^
This dereferences skel without checking if it was ever assigned.
> + close(first);
> + close(second);
> + close(third);
> + cleanup_cgroup_environment();
> +}
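Review bot: The cleanup path only calls `memcg_ops__detach(skel)`, and nothing between the `cleanup:` label and the closing brace calls `memcg_ops__destroy(skel)`, so the skeleton appears never to be freed. The middle of test_memcg_ops_hierarchies() is elided in this quote, so this assumes the skeleton is opened and loaded there and not destroyed before the label. The bpftool-generated `__destroy()` returns early on a NULL argument and detaches before closing the object, so with `skel` initialised to NULL a single `memcg_ops__destroy(skel);` in place of the detach call would make the error paths safe and release the object. Separately, `close(first)`, `close(second)` and `close(third)` run with -1 when an early check fails; a guard such as `if (first >= 0) close(first);` keeps the failure path free of spurious EBADF results.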
---
AI reviewed your patch. Please fix the bug, or reply by email explaining why it is not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/21352241149