(doris) branch master updated: [fix](filecache) avoid SIGSEGV in background LRU update when clear cache (#60533)

gavinchou Tue, 17 Mar 2026 10:57:22 -0700

This is an automated email from the ASF dual-hosted git repository.

gavinchou pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git



The following commit(s) were added to refs/heads/master by this push:
     new fee877be572 [fix](filecache) avoid SIGSEGV in background LRU update 
when clear cache (#60533)
fee877be572 is described below

commit fee877be5724e4abedfed5cab3022f6a4a387e20
Author: zhengyu <[email protected]>
AuthorDate: Wed Mar 18 01:56:00 2026 +0800

    [fix](filecache) avoid SIGSEGV in background LRU update when clear cache 
(#60533)
    
    The background LRU update thread
    (BlockFileCache::run_background_block_lru_update) uses cell which is a
    raw pointer owned by the cache’s internal _files map and may be unset
    during clearing cache.
---
 be/src/io/cache/block_file_cache.cpp             | 26 ++++++++++------
 be/src/io/cache/file_block.h                     |  2 +-
 be/test/io/cache/need_update_lru_blocks_test.cpp | 39 ++++++++++++++++++++++++
 3 files changed, 56 insertions(+), 11 deletions(-)

diff --git a/be/src/io/cache/block_file_cache.cpp 
b/be/src/io/cache/block_file_cache.cpp
index ebef77d040e..a1109443aeb 100644
--- a/be/src/io/cache/block_file_cache.cpp
+++ b/be/src/io/cache/block_file_cache.cpp
@@ -497,17 +497,23 @@ Status 
BlockFileCache::initialize_unlocked(std::lock_guard<std::mutex>& cache_lo
 
 void BlockFileCache::update_block_lru(FileBlockSPtr block,
                                       std::lock_guard<std::mutex>& cache_lock) 
{
-    FileBlockCell* cell = block->cell;
-    if (cell) {
-        if (cell->queue_iterator) {
-            auto& queue = get_queue(block->cache_type());
-            queue.move_to_end(*cell->queue_iterator, cache_lock);
-            _lru_recorder->record_queue_event(block->cache_type(), 
CacheLRULogType::MOVETOBACK,
-                                              block->_key.hash, 
block->_key.offset,
-                                              block->_block_range.size());
-        }
-        cell->update_atime();
+    if (!block) {
+        return;
+    }
+
+    FileBlockCell* cell = get_cell(block->get_hash_value(), block->offset(), 
cache_lock);
+    if (!cell || cell->file_block.get() != block.get()) {
+        return;
+    }
+
+    if (cell->queue_iterator) {
+        auto& queue = get_queue(block->cache_type());
+        queue.move_to_end(*cell->queue_iterator, cache_lock);
+        _lru_recorder->record_queue_event(block->cache_type(), 
CacheLRULogType::MOVETOBACK,
+                                          block->_key.hash, block->_key.offset,
+                                          block->_block_range.size());
     }
+    cell->update_atime();
 }
 
 void BlockFileCache::use_cell(const FileBlockCell& cell, FileBlocks* result, 
bool move_iter_flag,
diff --git a/be/src/io/cache/file_block.h b/be/src/io/cache/file_block.h
index fba47a0aff8..18df360344f 100644
--- a/be/src/io/cache/file_block.h
+++ b/be/src/io/cache/file_block.h
@@ -172,7 +172,7 @@ private:
     size_t _downloaded_size {0};
     bool _is_deleting {false};
 
-    FileBlockCell* cell;
+    FileBlockCell* cell {nullptr};
 };
 
 extern std::ostream& operator<<(std::ostream& os, const FileBlock::State& 
value);
diff --git a/be/test/io/cache/need_update_lru_blocks_test.cpp 
b/be/test/io/cache/need_update_lru_blocks_test.cpp
index f4f034113ef..ca9419a3351 100644
--- a/be/test/io/cache/need_update_lru_blocks_test.cpp
+++ b/be/test/io/cache/need_update_lru_blocks_test.cpp
@@ -18,6 +18,7 @@
 #include <gtest/gtest.h>
 
 #include <memory>
+#include <mutex>
 #include <vector>
 
 #include "io/cache/block_file_cache.h"
@@ -109,4 +110,42 @@ TEST(NeedUpdateLRUBlocksTest, ClearIsIdempotent) {
     EXPECT_EQ(0u, pending.drain(4, &drained));
 }
 
+TEST(NeedUpdateLRUBlocksTest, 
UpdateBlockLRUIgnoresNullAndCorruptedCellPointer) {
+    io::FileCacheSettings settings;
+    settings.capacity = 1024 * 1024;
+    settings.query_queue_size = 1024 * 1024;
+    settings.query_queue_elements = 10;
+    settings.max_file_block_size = 1024;
+    settings.max_query_cache_size = 1024 * 1024;
+    settings.storage = "memory";
+
+    io::BlockFileCache mgr("memory", settings);
+
+    {
+        std::lock_guard<std::mutex> cache_lock(mgr._mutex);
+        FileBlockSPtr null_block;
+        mgr.update_block_lru(null_block, cache_lock);
+    }
+
+    FileCacheKey key;
+    key.hash = io::BlockFileCache::hash("update_block_lru_corrupted_cell");
+    key.offset = 0;
+    key.meta.expiration_time = 0;
+    key.meta.type = FileCacheType::NORMAL;
+    key.meta.tablet_id = 0;
+
+    auto block =
+            std::make_shared<FileBlock>(key, /*size*/ 1, /*mgr*/ &mgr, 
FileBlock::State::EMPTY);
+    EXPECT_EQ(nullptr, block->cell);
+
+    // Simulate a corrupted/stale cell pointer. Previously update_block_lru()
+    // dereferenced block->cell directly and could crash.
+    block->cell = reinterpret_cast<FileBlockCell*>(0x1);
+
+    {
+        std::lock_guard<std::mutex> cache_lock(mgr._mutex);
+        mgr.update_block_lru(block, cache_lock);
+    }
+}
+
 } // namespace doris::io


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

(doris) branch master updated: [fix](filecache) avoid SIGSEGV in background LRU update when clear cache (#60533)

Reply via email to