Fix heap-use-after-free in MergeTreeReadTask::createReaders

[alexey-milovidov]

Summary

Fix heap-use-after-free where MergeTreeReadPoolBase accesses storage through data_part->storage (a bare const MergeTreeData & reference) after the storage has been destroyed.

Querying checks.test_context_raw on ClickHouse Playground reveals 19 occurrences of the same root cause in the last 90 days across two distinct crash patterns:

Pattern 1 — LoadedMergeTreeDataPartInfoForReader constructor (3 occurrences): During query execution, createReaders constructs LoadedMergeTreeDataPartInfoForReader which calls data_part->storage.getContext(). If the storage is already freed, this is a use-after-free.

Pattern 2 — IMergeTreeDataPart::clearCaches during part destruction (16 occurrences): When the read pool is destroyed, data parts are released. Part destructors call removeIfNeeded() → clearCaches() → storage.getContext() to clear mark/uncompressed caches. If the storage is freed before parts, this crashes.

Root cause: The query pipeline normally holds a StoragePtr via QueryPlanResourceHolder, but the read pool itself does not hold a storage reference. If any code path fails to set up addStorageHolder at the pipeline level (or if the pipeline resources are released before the pool is destroyed), the storage can be freed while parts still reference it.

Fix: Store a ConstStoragePtr (via shared_from_this) in MergeTreeReadPoolBase. It is declared as the first data member so it is destroyed last, guaranteeing the storage outlives all data parts held by the pool (parts_ranges, per_part_infos). This fixes both crash patterns.

CI report: https://s3.amazonaws.com/clickhouse-test-reports/json.html?REF=master&sha=022e467a014b9b3f1fc993735bc4f6b3974e59a0&name_0=MasterCI&name_1=Stress%20test%20%28arm_asan%2C%20s3%29

Test plan

• CI stress tests with ASan/TSan should be clean (covers both patterns)

Changelog category (leave one):

• Critical Bug Fix (crash, data loss, RBAC)

Changelog entry (a user-readable short description of the changes that goes into CHANGELOG.md):

Fix heap-use-after-free when a table is dropped concurrently with a running read query (19 occurrences in CI over the last 90 days).

🤖 Generated with Claude Code

[clickhouse-gh]

Workflow [PR], commit [6cf20e8]

Summary: ✅

---

AI Review

Summary

This PR fixes a heap-use-after-free in MergeTree read teardown when enable_shared_storage_snapshot_in_query=0 by preserving storage lifetime in stripped snapshots instead of dropping all snapshot data. It also adds targeted regression coverage, including the projection-index path that dereferences data_part->storage during reader creation. Based on the current diff, I did not find new high-confidence correctness, safety, or performance issues to block merge.

ClickHouse Rules

Item	Status	Notes
Deletion logging	➖
Serialization versioning	➖
Core-area scrutiny	✅
No test removal	✅
Experimental gate	➖
No magic constants	✅
Backward compatibility	✅
SettingsChangesHistory.cpp	➖
PR metadata quality	✅
Safe rollout	✅
Compilation time	✅

Final Verdict

• Status: ✅ Approve

[alexey-milovidov]

Root cause analysis

Querying checks.test_context_raw on ClickHouse Playground reveals 19 occurrences of the same root cause in the last 90 days across two distinct crash patterns:

Pattern 1 — LoadedMergeTreeDataPartInfoForReader constructor (3 occurrences): During query execution, createReaders constructs LoadedMergeTreeDataPartInfoForReader which calls data_part->storage.getContext() on a freed storage.

Pattern 2 — IMergeTreeDataPart::clearCaches during part destruction (16 occurrences): When parts are destroyed, their destructors call clearCaches() → storage.getContext() on a freed storage. This is the dominant pattern.

Destruction chain (from CI ASan traces)

Both the "freed by" and the crash happen on the same thread — this is not a concurrency race, it's a sequential destruction order issue.

The ASan traces from stateless tests (distributed plan) show the crash happens inside SnapshotData::~SnapshotData, where SnapshotData::parts (RangesInDataPartsPtr, a shared_ptr) releases the last reference to parts:

StorageSnapshot::~StorageSnapshot
  → SnapshotData::~SnapshotData
    → ~shared_ptr<RangesInDataParts>     ← parts destroyed HERE
      → ~RangesInDataPart → ~MergeTreeDataPartCompact
        → clearCaches() → storage.getContext()   ← CRASH

And the "freed by" trace (same thread, earlier in the chain) shows the storage was freed by a different SnapshotData:

SnapshotData::~SnapshotData
  → ~shared_ptr<IStorage const>          ← storage freed

Root cause

There are two StorageSnapshot objects with different SnapshotData instances. One has SnapshotData::storage set (holds ConstStoragePtr), the other has it null (created via getStorageSnapshotWithoutData at MergeTreeData.cpp:10483-10484, which default-initializes SnapshotData without calling shared_from_this()). But both can share the same RangesInDataPartsPtr parts (since it's a shared_ptr).

During destruction on the same thread:

1. SnapshotData A destroyed: parts released (shared, refcount still > 0), then storage released → storage freed (was the last ConstStoragePtr)
2. SnapshotData B destroyed: parts released (last ref) → parts destroyed → clearCaches() → storage.getContext() → CRASH (storage already freed)

Fix in this PR

The fix stores a ConstStoragePtr (via shared_from_this) as the first member of MergeTreeReadPoolBase, ensuring it is destroyed last — after all data parts held by the pool. This guarantees the storage outlives all parts regardless of the snapshot lifecycle or pipeline destruction order.

A deeper fix would be to always set SnapshotData::storage in getStorageSnapshotWithoutData as well, but that has a broader scope.

[alexey-milovidov]

Further investigation by Codex GPT 5.4

I found the missing explanation for Mechanism B.

ReadFromMergeTree::initializePipeline can execute merge_tree_enable_remove_parts_from_snapshot_optimization and replace storage_snapshot->data with a new MergeTreeData::SnapshotData. That destroys the original SnapshotData::storage before the read pools are torn down. So the pool can still hold a live StorageSnapshotPtr, but its data payload no longer keeps the underlying MergeTreeData alive, and later part teardown reaches clearCaches -> data_part->storage.getContext() with a dangling storage.

I pushed commit b14fa7f4a10 with two hardenings:

• preserve SnapshotData::storage when stripping SnapshotData::parts in ReadFromMergeTree;
• make MergeTreeReadPoolBase retain MergeTreeData::SnapshotData::storage or the parts' own storage, not blindly storage_snapshot->storage.

The second point matters for wrapper storages such as StorageFromMergeTreeProjection, where storage_snapshot->storage is not the same object as data_part->storage.

I also ran direct -fsyntax-only compiles for ReadFromMergeTree.cpp and MergeTreeReadPoolBase.cpp; both passed.

[clickhouse-gh]

⚠️ This regression test validates the regular read-pool teardown path, but it does not force the projection-index read-pool path where MergeTreeReadTask::createReaders still dereferences data_part->storage.getSettings(). Please add/adjust coverage to exercise projection-index reads under teardown race as well.

[clickhouse-gh]

⚠️ This file looks like local reviewer/assistant state rather than product code. Please remove .claude/learnings.md from the PR before merge to avoid committing tool-specific internal notes into the repository history.

[azat]

This looks related

[azat]

The part in ReadFromMergeTree looks good
Until #95612 will be resolved

[azat]

StorageFromMergeTreeProjection has parent_storage which points to the MergeTreeData

[azat]

This looks hacky, are you sure that we need this, after the fix for enable_shared_storage_snapshot_in_query == false?

[azat]

This looks related

[alexey-milovidov]

Ok. Now the change is minimal. And it will be amazing if we finally nail it!

[clickhouse-gh]

LLVM Coverage Report

Metric	Baseline	Current	Δ
Lines	84.10%	84.10%	+0.00%
Functions	24.50%	24.50%	+0.00%
Branches	76.60%	76.70%	+0.10%

PR changed lines: PR changed-lines coverage: 100.00% (8/8, 0 noise lines excluded)
Diff coverage report
Uncovered code