From ed701c6a2301d67286de1322f4c339b6147fb0cf Mon Sep 17 00:00:00 2001
From: Kristian Nielsen <knielsen@knielsen-hq.org>
Date: Tue, 28 Apr 2015 11:56:54 +0200
Subject: [PATCH] MDEV-7864: Slave SQL: stopping on non-last RBR event with
 annotations results in SEGV (signal 11)

The slave SQL thread was clearing serial_rgi->thd before deleting
serial_rgi, which could cause access to NULL THD.

The clearing was introduced in commit
2e100cc5a493b6a0f6f907e0483a734c7fee2087 and is just plain wrong. So revert
that part (single line) of that commit.

Thanks to Daniel Black for bug analysis and test case.
---
 .../extra/rpl_tests/rpl_row_annotate.test     | 29 ++++++++++++++
 .../suite/rpl/r/rpl_row_annotate_do.result    | 38 +++++++++++++++++++
 .../suite/rpl/r/rpl_row_annotate_dont.result  | 36 ++++++++++++++++++
 sql/slave.cc                                  |  2 +-
 4 files changed, 104 insertions(+), 1 deletion(-)

diff --git a/mysql-test/extra/rpl_tests/rpl_row_annotate.test b/mysql-test/extra/rpl_tests/rpl_row_annotate.test
index f3d8006ce01..0614ca97f1d 100644
--- a/mysql-test/extra/rpl_tests/rpl_row_annotate.test
+++ b/mysql-test/extra/rpl_tests/rpl_row_annotate.test
@@ -101,6 +101,35 @@ if (!$annotate)
 {
   --echo # No Annotate_rows events should appear below
 }
+
+
+
+--echo ########################################################################
+--echo # Ensure that a replication failure doesn't segfault - MDEV-7864
+--echo ########################################################################
+DELETE FROM t3 WHERE a=2;
+connection master;
+INSERT INTO t5 (a) SELECT a.a*10000+b.a*1000+c.a*100+d.a*10 FROM t5 a, t5 b, t5 c, t5 d;
+INSERT INTO t3 (a) SELECT a FROM t5 WHERE a > 10;
+DELETE t3 FROM t3 INNER JOIN t5 ON t3.a=t5.a;
+connection slave;
+--echo ---- Wait until slave stops with an error ----
+# Wait until the slave tries to run the query, fails with key not
+# found error, and stops the SQL thread.
+let $slave_sql_errno= 1032; # Can't find record
+source include/wait_for_slave_sql_error.inc;
+--let $err= query_get_value("SHOW SLAVE STATUS", Last_SQL_Error, 1)
+--replace_regex /end_log_pos [0-9]+/end_log_pos END_LOG_POS/
+--disable_query_log
+--eval SELECT "$err" as 'Last_SQL_Error (expected "Delete_rows_v1 event on table test1.t3; Can\'t find record in \'t3\'" error)'
+--enable_query_log
+call mtr.add_suppression("Slave: Can't find record in 't3' Error_code: 1032");
+
+SET GLOBAL sql_slave_skip_counter=1;
+START SLAVE;
+connection master;
+sync_slave_with_master;
+
 --echo ########################################################################
 FLUSH LOGS;
 
diff --git a/mysql-test/suite/rpl/r/rpl_row_annotate_do.result b/mysql-test/suite/rpl/r/rpl_row_annotate_do.result
index 7d9f7de8fa9..9aeef98d091 100644
--- a/mysql-test/suite/rpl/r/rpl_row_annotate_do.result
+++ b/mysql-test/suite/rpl/r/rpl_row_annotate_do.result
@@ -52,6 +52,20 @@ a	b
 # - DELETE xt1, t2 FROM <...>
 # - INSERT INTO t5(b) VALUES <...> (3 instances)
 ########################################################################
+# Ensure that a replication failure doesn't segfault - MDEV-7864
+########################################################################
+DELETE FROM t3 WHERE a=2;
+INSERT INTO t5 (a) SELECT a.a*10000+b.a*1000+c.a*100+d.a*10 FROM t5 a, t5 b, t5 c, t5 d;
+INSERT INTO t3 (a) SELECT a FROM t5 WHERE a > 10;
+DELETE t3 FROM t3 INNER JOIN t5 ON t3.a=t5.a;
+---- Wait until slave stops with an error ----
+include/wait_for_slave_sql_error.inc [errno=1032]
+Last_SQL_Error (expected "Delete_rows_v1 event on table test1.t3; Can't find record in 't3'" error)
+Could not execute Delete_rows_v1 event on table test1.t3; Can't find record in 't3', Error_code: 1032; handler error HA_ERR_END_OF_FILE; the event's master log master-bin.000002, end_log_pos END_LOG_POS
+call mtr.add_suppression("Slave: Can't find record in 't3' Error_code: 1032");
+SET GLOBAL sql_slave_skip_counter=1;
+START SLAVE;
+########################################################################
 FLUSH LOGS;
 show binlog events in 'slave-bin.000001' from <start_pos>;
 Log_name	Pos	Event_type	Server_id	End_log_pos	Info
@@ -131,6 +145,30 @@ slave-bin.000001	#	Annotate_rows	1	#	INSERT INTO t5(b) VALUES ('gås')
 slave-bin.000001	#	Table_map	1	#	table_id: # (test1.t5)
 slave-bin.000001	#	Write_rows_v1	1	#	table_id: # flags: STMT_END_F
 slave-bin.000001	#	Query	1	#	COMMIT
+slave-bin.000001	#	Gtid	2	#	BEGIN GTID 0-2-25
+slave-bin.000001	#	Table_map	2	#	table_id: # (test1.t3)
+slave-bin.000001	#	Delete_rows_v1	2	#	table_id: # flags: STMT_END_F
+slave-bin.000001	#	Query	2	#	COMMIT
+slave-bin.000001	#	Gtid	1	#	BEGIN GTID 0-1-25
+slave-bin.000001	#	Annotate_rows	1	#	INSERT INTO t5 (a) SELECT a.a*10000+b.a*1000+c.a*100+d.a*10 FROM t5 a, t5 b, t5 c, t5 d
+slave-bin.000001	#	Table_map	1	#	table_id: # (test1.t5)
+slave-bin.000001	#	Write_rows_v1	1	#	table_id: #
+slave-bin.000001	#	Write_rows_v1	1	#	table_id: #
+slave-bin.000001	#	Write_rows_v1	1	#	table_id: #
+slave-bin.000001	#	Write_rows_v1	1	#	table_id: # flags: STMT_END_F
+slave-bin.000001	#	Query	1	#	COMMIT
+slave-bin.000001	#	Gtid	1	#	BEGIN GTID 0-1-26
+slave-bin.000001	#	Annotate_rows	1	#	INSERT INTO t3 (a) SELECT a FROM t5 WHERE a > 10
+slave-bin.000001	#	Table_map	1	#	table_id: # (test1.t3)
+slave-bin.000001	#	Write_rows_v1	1	#	table_id: #
+slave-bin.000001	#	Write_rows_v1	1	#	table_id: #
+slave-bin.000001	#	Write_rows_v1	1	#	table_id: #
+slave-bin.000001	#	Write_rows_v1	1	#	table_id: # flags: STMT_END_F
+slave-bin.000001	#	Query	1	#	COMMIT
+slave-bin.000001	#	Gtid	2	#	BEGIN GTID 0-2-27
+slave-bin.000001	#	Table_map	2	#	table_id: # (mtr.test_suppressions)
+slave-bin.000001	#	Write_rows_v1	2	#	table_id: # flags: STMT_END_F
+slave-bin.000001	#	Query	2	#	COMMIT
 slave-bin.000001	#	Rotate	2	#	slave-bin.000002;pos=4
 # 
 ########################################################################
diff --git a/mysql-test/suite/rpl/r/rpl_row_annotate_dont.result b/mysql-test/suite/rpl/r/rpl_row_annotate_dont.result
index 36d906f54be..ceaf8c878c8 100644
--- a/mysql-test/suite/rpl/r/rpl_row_annotate_dont.result
+++ b/mysql-test/suite/rpl/r/rpl_row_annotate_dont.result
@@ -44,6 +44,20 @@ a	b
 # EVENTS ON SLAVE
 # No Annotate_rows events should appear below
 ########################################################################
+# Ensure that a replication failure doesn't segfault - MDEV-7864
+########################################################################
+DELETE FROM t3 WHERE a=2;
+INSERT INTO t5 (a) SELECT a.a*10000+b.a*1000+c.a*100+d.a*10 FROM t5 a, t5 b, t5 c, t5 d;
+INSERT INTO t3 (a) SELECT a FROM t5 WHERE a > 10;
+DELETE t3 FROM t3 INNER JOIN t5 ON t3.a=t5.a;
+---- Wait until slave stops with an error ----
+include/wait_for_slave_sql_error.inc [errno=1032]
+Last_SQL_Error (expected "Delete_rows_v1 event on table test1.t3; Can't find record in 't3'" error)
+Could not execute Delete_rows_v1 event on table test1.t3; Can't find record in 't3', Error_code: 1032; handler error HA_ERR_END_OF_FILE; the event's master log master-bin.000002, end_log_pos END_LOG_POS
+call mtr.add_suppression("Slave: Can't find record in 't3' Error_code: 1032");
+SET GLOBAL sql_slave_skip_counter=1;
+START SLAVE;
+########################################################################
 FLUSH LOGS;
 show binlog events in 'slave-bin.000001' from <start_pos>;
 Log_name	Pos	Event_type	Server_id	End_log_pos	Info
@@ -113,6 +127,28 @@ slave-bin.000001	#	Gtid	1	#	BEGIN GTID 0-1-24
 slave-bin.000001	#	Table_map	1	#	table_id: # (test1.t5)
 slave-bin.000001	#	Write_rows_v1	1	#	table_id: # flags: STMT_END_F
 slave-bin.000001	#	Query	1	#	COMMIT
+slave-bin.000001	#	Gtid	2	#	BEGIN GTID 0-2-25
+slave-bin.000001	#	Table_map	2	#	table_id: # (test1.t3)
+slave-bin.000001	#	Delete_rows_v1	2	#	table_id: # flags: STMT_END_F
+slave-bin.000001	#	Query	2	#	COMMIT
+slave-bin.000001	#	Gtid	1	#	BEGIN GTID 0-1-25
+slave-bin.000001	#	Table_map	1	#	table_id: # (test1.t5)
+slave-bin.000001	#	Write_rows_v1	1	#	table_id: #
+slave-bin.000001	#	Write_rows_v1	1	#	table_id: #
+slave-bin.000001	#	Write_rows_v1	1	#	table_id: #
+slave-bin.000001	#	Write_rows_v1	1	#	table_id: # flags: STMT_END_F
+slave-bin.000001	#	Query	1	#	COMMIT
+slave-bin.000001	#	Gtid	1	#	BEGIN GTID 0-1-26
+slave-bin.000001	#	Table_map	1	#	table_id: # (test1.t3)
+slave-bin.000001	#	Write_rows_v1	1	#	table_id: #
+slave-bin.000001	#	Write_rows_v1	1	#	table_id: #
+slave-bin.000001	#	Write_rows_v1	1	#	table_id: #
+slave-bin.000001	#	Write_rows_v1	1	#	table_id: # flags: STMT_END_F
+slave-bin.000001	#	Query	1	#	COMMIT
+slave-bin.000001	#	Gtid	2	#	BEGIN GTID 0-2-27
+slave-bin.000001	#	Table_map	2	#	table_id: # (mtr.test_suppressions)
+slave-bin.000001	#	Write_rows_v1	2	#	table_id: # flags: STMT_END_F
+slave-bin.000001	#	Query	2	#	COMMIT
 slave-bin.000001	#	Rotate	2	#	slave-bin.000002;pos=4
 # 
 ########################################################################
diff --git a/sql/slave.cc b/sql/slave.cc
index 5e0b7b7f4ae..f0ef3787c65 100644
--- a/sql/slave.cc
+++ b/sql/slave.cc
@@ -4818,7 +4818,7 @@ err_during_init:
   */
   thd->temporary_tables = 0; // remove tempation from destructor to close them
   THD_CHECK_SENTRY(thd);
-  serial_rgi->thd= rli->sql_driver_thd= 0;
+  rli->sql_driver_thd= 0;
   mysql_mutex_lock(&LOCK_thread_count);
   THD_CHECK_SENTRY(thd);
   thd->rgi_fake= thd->rgi_slave= NULL;