Skip to content

Fix zero‑copy unlock check before part dir move#95597

Merged
alexey-milovidov merged 2 commits intoClickHouse:masterfrom
filimonov:fix_zero_copy_regression_after_94262
Feb 6, 2026
Merged

Fix zero‑copy unlock check before part dir move#95597
alexey-milovidov merged 2 commits intoClickHouse:masterfrom
filimonov:fix_zero_copy_regression_after_94262

Conversation

@filimonov
Copy link
Contributor

@filimonov filimonov commented Jan 30, 2026
edited
Loading

Changelog category (leave one):

  • Bug Fix (user-visible misbehavior in an official stable release)

Changelog entry (a [user-readable short description]

Fix regression in (experimental) zero‑copy replication introduced by #94262 where shared parts could be deleted before other replicas finished fetching them.

Documentation entry for user-facing changes

#94262 fixes a data race between part removal and system.parts by stopping DataPartStorageOnDiskBase::remove() from updating part_dir after moveDirectory(). Previously the code did part_dir = delete_tmp_*, but that write could race with getFullPath() reads. The fix removed the write, so part_dir stays unchanged during removal, eliminating the race.

But that change accidentally broke zero‑copy cleanup: the “can we delete shared blobs?” check (unlockSharedData) reads a refcount file via part_dir. After the move, part_dir now points to the old location, so the check fails and the code assumes the part is temporary and deletes blobs without ZooKeeper checks. The fix is to evaluate the “can remove” decision before the directory is moved, while the refcount file is still visible, and then reuse that decision after the move.
This matches existing nearby branches that already call can_remove_callback() before disk operations.

No new tests added; zero‑copy replication test coverage has been removed in newer branches. Change was validated internally.

P.S. This should be backported to the branches where #94262 was backported, since it introduced the regression.

This was referenced Jan 30, 2026
Open
Closed
@alexey-milovidov alexey-milovidov added the can be tested Allows running workflows for external contributors label Jan 30, 2026
@clickhouse-gh
Copy link
Contributor

clickhouse-gh bot commented Jan 30, 2026
edited
Loading

Workflow [PR], commit [0d2272c]

Summary:

job_name test_name status info comment
Stateless tests (amd_binary, ParallelReplicas, s3 storage, parallel) failure
03812_join_order_ubsan_overflow FAIL cidb
Stress test (amd_tsan) failure
Logical error: Block structure mismatch in A stream: different number of columns: (STID: 0993-2da1) FAIL cidb, issue
Upgrade check (amd_asan) failure
Error message in clickhouse-server.log (see upgrade_error_messages.txt) FAIL cidb
Upgrade check (amd_msan) failure
Error message in clickhouse-server.log (see upgrade_error_messages.txt) FAIL cidb
Finish Workflow failure
python3 ./ci/jobs/scripts/workflow_hooks/new_tests_check.py failure

@clickhouse-gh clickhouse-gh bot added the pr-bugfix Pull request with bugfix, not backported by default label Jan 30, 2026
@tiandiwonder tiandiwonder self-assigned this Feb 1, 2026
@tiandiwonder tiandiwonder requested a review from Copilot February 1, 2026 23:34
Copilot AI reviewed Feb 1, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a regression in zero-copy replication introduced by #94262, where shared parts could be prematurely deleted before other replicas finished fetching them. The issue arose because the "can we delete shared blobs?" check was being performed after the part directory was moved, at which point the refcount file was no longer accessible at the expected path.

Changes:

  • Move the can_remove_callback() evaluation to occur before the directory move operation
  • Cache the result in can_remove_description for use after the move
  • Add explanatory comments documenting the zero-copy reference check requirement

tiandiwonder
tiandiwonder reviewed Feb 2, 2026
View reviewed changes
This was referenced Feb 2, 2026
Merged
Merged
Merged
Merged
@filimonov
Copy link
Contributor Author

filimonov commented Feb 5, 2026

failures are unrelated. @tiandiwonder ?

@tiandiwonder
Copy link
Contributor

tiandiwonder commented Feb 6, 2026

failures are unrelated. @tiandiwonder ?

Yes.

tiandiwonder
tiandiwonder approved these changes Feb 6, 2026
View reviewed changes
Copy link
Contributor

@tiandiwonder tiandiwonder left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM @alexey-milovidov

@filimonov
Copy link
Contributor Author

filimonov commented Feb 6, 2026

@aalexfvk you may also be interested.

@alexey-milovidov alexey-milovidov merged commit 9376acb into ClickHouse:master Feb 6, 2026
126 of 134 checks passed
@robot-ch-test-poll2 robot-ch-test-poll2 added the pr-synced-to-cloud The PR is synced to the cloud repo label Feb 6, 2026
@filimonov
Copy link
Contributor Author

filimonov commented Feb 9, 2026

Should we push it to the branches where #94262 was backported?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@tiandiwonder tiandiwonder tiandiwonder approved these changes

Assignees

@tiandiwonder tiandiwonder

Labels

can be tested Allows running workflows for external contributors pr-bugfix Pull request with bugfix, not backported by default pr-synced-to-cloud The PR is synced to the cloud repo

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@filimonov @tiandiwonder @alexey-milovidov @robot-ch-test-poll2 @svb-alt