> diff --git a/tools/testing/selftests/bpf/prog_tests/memcg_ops.c 
> b/tools/testing/selftests/bpf/prog_tests/memcg_ops.c
> new file mode 100644
> index 000000000000..a596926ea233
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/memcg_ops.c

[ ... ]

> +void test_memcg_ops_over_high(void)
> +{
> +     int err, map_fd;
> +     struct memcg_ops *skel = NULL;

[ ... ]

> +     skel = memcg_ops__open_and_load();
> +     if (!ASSERT_OK_PTR(skel, "memcg_ops__open_and_load"))
> +             goto out;
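Review bot: the early `goto out` taken when memcg_ops__open_and_load() fails reaches bpf_link__destroy(link) and bpf_link__destroy(link2) before any attach has happened, and the declarations of `link` and `link2` are outside the quoted context. bpf_link__destroy() returns early on a NULL or error pointer but not on an indeterminate one, so both must be initialized to NULL at declaration, as `skel` is, for this path to be safe.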

[ ... ]

> +out:
> +     bpf_link__destroy(link);
> +     bpf_link__destroy(link2);
> +     memcg_ops__detach(skel);
> +     memcg_ops__destroy(skel);
                  ^^^^
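Review bot: memcg_ops__detach(skel) on the `out:` path runs with skel == NULL whenever memcg_ops__open_and_load() fails, since skel is initialized to NULL at declaration and the failure branch jumps straight to the cleanup block. Either guard the call with `if (skel)` or drop it and let memcg_ops__destroy(skel), which already tolerates NULL, do the teardown; the identical cleanup block in the other two test functions named below should change the same way.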

Can this cause a NULL pointer dereference? When memcg_ops__open_and_load()
fails, skel is NULL and the code jumps to out: where memcg_ops__detach(skel)
is called. The generated __detach() function does not check for NULL, unlike
__destroy() which does. Since __destroy() already calls __detach() internally
after checking for NULL, the explicit memcg_ops__detach(skel) call appears
to be unnecessary and would crash when skel is NULL.

The same pattern appears in test_memcg_ops_below_low_over_high() and
test_memcg_ops_below_min_over_high().


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/21392729810

AI-authorship-score: medium
AI-authorship-explanation: The commit message uses verbose, explanatory 
language with markdown formatting that is somewhat atypical for kernel commits, 
and the repetitive test function structure with the redundant detach call 
suggests possible AI assistance in code generation.
issues-found: 1
issue-severity-score: low
issue-severity-explanation: The memcg_ops__detach(NULL) call can crash the test 
if the skeleton fails to load, but this only affects the selftest program and 
not the kernel itself.
