From 69caa8715edd2a4133f52767c8b0307799c05e47 Mon Sep 17 00:00:00 2001
From: zhengyu <zhangzhengyu@selectdb.com>
Date: Tue, 27 Jan 2026 16:35:45 +0800
Subject: [PATCH] [fix](filecache) fix crash on reset_range when clearing cache
 concurrently

reset_range could dereference a null cell when a block was
evicted/removed while a downloader thread was finalizing a partial
block. FileBlock stayed alive via refcount, but its FileBlockCell had
already been erased from _files (when doing clear_cache operation),
leading to SIGSEGV.

Signed-off-by: zhengyu <zhangzhengyu@selectdb.com>
---
 be/src/io/cache/block_file_cache.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/be/src/io/cache/block_file_cache.cpp b/be/src/io/cache/block_file_cache.cpp
index 97454a364ca0c4..3df022200e29f8 100644
--- a/be/src/io/cache/block_file_cache.cpp
+++ b/be/src/io/cache/block_file_cache.cpp
@@ -1220,6 +1220,12 @@ void BlockFileCache::reset_range(const UInt128Wrapper& hash, size_t offset, size
            _files.find(hash)->second.find(offset) != _files.find(hash)->second.end());
     FileBlockCell* cell = get_cell(hash, offset, cache_lock);
     DCHECK(cell != nullptr);
+    if (cell == nullptr) {
+        LOG(WARNING) << "reset_range skipped because cache cell is missing. hash="
+                     << hash.to_string() << " offset=" << offset << " old_size=" << old_size
+                     << " new_size=" << new_size;
+        return;
+    }
     if (cell->queue_iterator) {
         auto& queue = get_queue(cell->file_block->cache_type());
         DCHECK(queue.contains(hash, offset, cache_lock));