################################################################################ # Bug#26952994 A DOUBLE-FREE ISSUE # # Problem: Slave crashes due to double free when there is an error in # allocating memory in Hash_slave_rows::make_entry() function. # # Steps to reproduce: # # 1) Create a master-slave topology with master's binlog_format=row. # 2) On slave, set slave_rows_search_algorithms= 'HASH_SCAN' and set a # simulation point to fake a my_alloc_failure i.e, 'fake_myalloc_failure'. # 3) On master, create a table, insert a row and do an update. # 4) The update on master causes the slave sql thread to stop with Error 1030. # 5) Cleanup. # ################################################################################ --echo #1) Create a master-slave topology with master's binlog_format=row. --source include/have_debug.inc --source include/have_binlog_format_row.inc --source include/master-slave.inc --echo #2) On slave, set slave_rows_search_algorithms= 'HASH_SCAN' and set a --echo # simulation point to fake a my_alloc_failure i.e, 'fake_malloc_failure'. --source include/rpl_connection_slave.inc call mtr.add_suppression("Slave SQL.*Could not execute Update_rows event on table test.t1"); call mtr.add_suppression("Slave: Got error 1*"); call mtr.add_suppression("The slave coordinator and worker threads are stopped, possibly leaving data in inconsistent state"); SET @saved_slave_rows_search_algorithms= @@global.slave_rows_search_algorithms; SET GLOBAL slave_rows_search_algorithms= 'HASH_SCAN'; SET @old_debug= @@global.debug; SET GLOBAL debug= '+d,fake_myalloc_failure'; --echo #3) On master, create a table, insert a row and do an update. --source include/rpl_connection_master.inc CREATE TABLE t1 (a INT); INSERT INTO t1 VALUES (1); UPDATE t1 SET a=2 WHERE a=1; --echo #4) The update on master causes the slave sql thread to stop with Error 1030. --source include/rpl_connection_slave.inc --let $slave_sql_errno= convert_error(ER_GET_ERRNO) --source include/wait_for_slave_sql_error.inc --echo #5) Cleanup SET GLOBAL debug= @old_debug; SET GLOBAL slave_rows_search_algorithms= @saved_slave_rows_search_algorithms; DROP TABLE t1; --source include/rpl_connection_master.inc DROP TABLE t1; # Slave SQL thread has already stopped, stopping the IO trhead. --source include/rpl_connection_slave.inc --source include/wait_for_slave_sql_error.inc --source include/stop_slave_io.inc RESET SLAVE; --let $rpl_only_running_threads= 1 --source include/rpl_end.inc