Coverity: __clayered_range_truncate_ingest receives potentially-null ingest_cursor without validation


    • Type: Task
    • Resolution: Unresolved
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: Layered Tables
    • Storage Engines - Foundations
    • 78.947

      In src/cursor/cur_layered.c, the caller __clayered_truncate_follower extracts ingest_cursor from the start and stop layered cursors (lines 892-893) and passes them to __clayered_position_near_key and ultimately to __clayered_range_truncate_ingest (line 849) without checking for null.

      The ingest_cursor field is explicitly set to NULL in at least two places in cur_layered.c (lines 200 and 564), so a null value is a reachable state. If null, a crash occurs in __clayered_position_near_key (line 822) before reaching line 849, but the missing guard is real regardless. There is no documented precondition requiring ingest_cursor to be non-null on entry to this path.

      Suggested fix: Add an explicit null check on ingest_cursor in __clayered_truncate_follower before calling __clayered_position_near_key, with an appropriate early return or error log explaining that a layered cursor with no ingest cursor cannot be range-truncated.

      Affected files: src/cursor/cur_layered.c
      Coverity CID: 204628
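The guard suggested above, sketched as an added example on a simplified model. This is not code from cur_layered.c or from the ticket: the `model_*` types and functions are hypothetical stand-ins, and returning EINVAL with a message on stderr is an assumed choice of "early return or error log".

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions); not WiredTiger's real cursor types. */
typedef struct { int positioned; } model_cursor;
typedef struct { model_cursor *ingest_cursor; } model_layered_cursor;

static int position_calls; /* counts entries into the dereferencing helper */

/* Stand-in for the positioning helper: dereferences its argument unconditionally. */
static int
model_position_near_key(model_cursor *ingest)
{
    ++position_calls;
    ingest->positioned = 1;
    return (0);
}

int model_position_calls(void) { return (position_calls); }

/* Stand-in for the follower truncate caller, with the guard in place. */
int
model_truncate_follower(model_layered_cursor *start, model_layered_cursor *stop)
{
    model_cursor *start_ingest = start->ingest_cursor, *stop_ingest = stop->ingest_cursor;
    int ret;

    /* Guard: reject before any helper can dereference a NULL ingest cursor. */
    if (start_ingest == NULL || stop_ingest == NULL) {
        fprintf(stderr, "layered cursor with no ingest cursor cannot be range-truncated\n");
        return (EINVAL);
    }
    if ((ret = model_position_near_key(start_ingest)) != 0)
        return (ret);
    return (model_position_near_key(stop_ingest));
}

int
main(void)
{
    model_cursor c = {0};
    model_layered_cursor ready = {&c}, closed = {NULL};
    printf("closed start: %d\n", model_truncate_follower(&closed, &ready));
    printf("both ready: %d\n", model_truncate_follower(&ready, &ready));
    return (0);
}
```

Because the check sits in the caller, neither the positioning helper nor anything after it is entered with a NULL ingest cursor, which is the ordering the report asks for.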

            Assignee:
            Jie Chen
            Reporter:
            Luke Pearson