(doris) branch branch-4.0 updated: branch-4.0: [fix](filecache) avoid SIGSEGV in background LRU update when clear cache #60533 (#61444)

yiguolei Tue, 26 May 2026 06:54:43 -0700

This is an automated email from the ASF dual-hosted git repository.

yiguolei pushed a commit to branch branch-4.0
in repository https://gitbox.apache.org/repos/asf/doris.git



The following commit(s) were added to refs/heads/branch-4.0 by this push:
     new 7fd5205aca0 branch-4.0: [fix](filecache) avoid SIGSEGV in background 
LRU update when clear cache #60533 (#61444)
7fd5205aca0 is described below

commit 7fd5205aca012742413648b639b5408dac4f1c4a
Author: github-actions[bot] 
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Tue May 26 21:54:27 2026 +0800

    branch-4.0: [fix](filecache) avoid SIGSEGV in background LRU update when 
clear cache #60533 (#61444)
    
    Cherry-picked from #60533
    
    ---------
    
    Co-authored-by: zhengyu <[email protected]>
    Co-authored-by: zhengyu <[email protected]>
---
 be/src/io/cache/block_file_cache.cpp             | 26 +++++++++-------
 be/src/io/cache/file_block.h                     |  2 +-
 be/test/io/cache/need_update_lru_blocks_test.cpp | 38 ++++++++++++++++++++++++
 3 files changed, 55 insertions(+), 11 deletions(-)

diff --git a/be/src/io/cache/block_file_cache.cpp 
b/be/src/io/cache/block_file_cache.cpp
index 620603ffed7..479197d7daf 100644
--- a/be/src/io/cache/block_file_cache.cpp
+++ b/be/src/io/cache/block_file_cache.cpp
@@ -487,17 +487,23 @@ Status 
BlockFileCache::initialize_unlocked(std::lock_guard<std::mutex>& cache_lo
 
 void BlockFileCache::update_block_lru(FileBlockSPtr block,
                                       std::lock_guard<std::mutex>& cache_lock) 
{
-    FileBlockCell* cell = block->cell;
-    if (cell) {
-        if (cell->queue_iterator) {
-            auto& queue = get_queue(block->cache_type());
-            queue.move_to_end(*cell->queue_iterator, cache_lock);
-            _lru_recorder->record_queue_event(block->cache_type(), 
CacheLRULogType::MOVETOBACK,
-                                              block->_key.hash, 
block->_key.offset,
-                                              block->_block_range.size());
-        }
-        cell->update_atime();
+    if (!block) {
+        return;
+    }
+
+    FileBlockCell* cell = get_cell(block->get_hash_value(), block->offset(), 
cache_lock);
+    if (!cell || cell->file_block.get() != block.get()) {
+        return;
+    }
+
+    if (cell->queue_iterator) {
+        auto& queue = get_queue(block->cache_type());
+        queue.move_to_end(*cell->queue_iterator, cache_lock);
+        _lru_recorder->record_queue_event(block->cache_type(), 
CacheLRULogType::MOVETOBACK,
+                                          block->_key.hash, block->_key.offset,
+                                          block->_block_range.size());
     }
+    cell->update_atime();
 }
 
 void BlockFileCache::use_cell(const FileBlockCell& cell, FileBlocks* result, 
bool move_iter_flag,
diff --git a/be/src/io/cache/file_block.h b/be/src/io/cache/file_block.h
index eab74e827a8..10263c0e273 100644
--- a/be/src/io/cache/file_block.h
+++ b/be/src/io/cache/file_block.h
@@ -169,7 +169,7 @@ private:
     size_t _downloaded_size {0};
     bool _is_deleting {false};
 
-    FileBlockCell* cell;
+    FileBlockCell* cell {nullptr};
 };
 
 extern std::ostream& operator<<(std::ostream& os, const FileBlock::State& 
value);
diff --git a/be/test/io/cache/need_update_lru_blocks_test.cpp 
b/be/test/io/cache/need_update_lru_blocks_test.cpp
index 31b6eccab25..2956e4b84c8 100644
--- a/be/test/io/cache/need_update_lru_blocks_test.cpp
+++ b/be/test/io/cache/need_update_lru_blocks_test.cpp
@@ -18,6 +18,7 @@
 #include <gtest/gtest.h>
 
 #include <memory>
+#include <mutex>
 #include <vector>
 
 #include "io/cache/block_file_cache.h"
@@ -108,4 +109,41 @@ TEST(NeedUpdateLRUBlocksTest, ClearIsIdempotent) {
     EXPECT_EQ(0u, pending.drain(4, &drained));
 }
 
+TEST(NeedUpdateLRUBlocksTest, 
UpdateBlockLRUIgnoresNullAndCorruptedCellPointer) {
+    io::FileCacheSettings settings;
+    settings.capacity = 1024 * 1024;
+    settings.query_queue_size = 1024 * 1024;
+    settings.query_queue_elements = 10;
+    settings.max_file_block_size = 1024;
+    settings.max_query_cache_size = 1024 * 1024;
+    settings.storage = "memory";
+
+    io::BlockFileCache mgr("memory", settings);
+
+    {
+        std::lock_guard<std::mutex> cache_lock(mgr._mutex);
+        FileBlockSPtr null_block;
+        mgr.update_block_lru(null_block, cache_lock);
+    }
+
+    FileCacheKey key;
+    key.hash = io::BlockFileCache::hash("update_block_lru_corrupted_cell");
+    key.offset = 0;
+    key.meta.expiration_time = 0;
+    key.meta.type = FileCacheType::NORMAL;
+
+    auto block =
+            std::make_shared<FileBlock>(key, /*size*/ 1, /*mgr*/ &mgr, 
FileBlock::State::EMPTY);
+    EXPECT_EQ(nullptr, block->cell);
+
+    // Simulate a corrupted/stale cell pointer. Previously update_block_lru()
+    // dereferenced block->cell directly and could crash.
+    block->cell = reinterpret_cast<FileBlockCell*>(0x1);
+
+    {
+        std::lock_guard<std::mutex> cache_lock(mgr._mutex);
+        mgr.update_block_lru(block, cache_lock);
+    }
+}
+
 } // namespace doris::io


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

(doris) branch branch-4.0 updated: branch-4.0: [fix](filecache) avoid SIGSEGV in background LRU update when clear cache #60533 (#61444)

Reply via email to