Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View


Categories: connectors experimental galera main
Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

connectors experimental galera main
Daniel Black
MDEV-39813 ST_GeomFromGeoJSON does not control recursion depth

Geometry::create_from_json reset the killedptr and the stack
depth (stack_p) every time json_scan_start was called. We save/
restore these values so that the ST_GeomFrom_GeoJSON can be killed
and incur timeout, and also so that its depth measurement is kept.

Test case an bug report thanks to byteoverride.
Daniel Black
Merge 10.6 into 10.11
Thirunarayanan Balathandayuthapani
MDEV-38842 Server fails to drop .ibd file when vector table creation fails

Problem:
========
When creating tables with vector indexes, if the secondary table
creation fails after the main table is successfully created,
the server was not properly cleaning up the main table's .ibd file.
Stale file exists because create_table_impl() always called
ddl_log_complete() on any error, which disables DDL log entries
instead of executing them for cleanup. The main table would be
left behind even though the overall CREATE TABLE operation failed.

Solution:
=========
ha_create_table(): Make it responsible for cleaning up
everything it created when it returns an error.
On failure of the high level index creation, drop the main
table and shadow table.
Daniel Black
MDEV-39691 wsrep.cnf contains deprecated wsrep_causal_reads

wsrep_causal_reads was deprecated in 10.1.3 and removed in 11.3.1.
Put in place the equivalent (and default) wsrep_sync_wait=0.

Amend a few early comments to show MariaDB as our product.
Pekka Lampio
MDEV-38389: Galera test failure on galera_3nodes.galera_vote_majority_dml

Fix the broken Galera MTR test galera_3nodes.galera_vote_majority_dml
by restoring the value of the AUTO_INCREMENT_OFFSET at the end of the
test.
Vladislav Vaintroub
MDEV-40214 Suppress false-positive Infer MEMORY_LEAK_C in mysql_client_test.c

The MEMORY_LEAK_C reports in this file are false positives. Real leaks are
reported by ASAN, which we run regularly. Suppress the leak checker for the
file with the documented @infer-ignore-every directive.
Brandon Nesterenko
MDEV-39302: main.xa wrong errno ER_XAER_NOTA instead of ER_XA_RBROLLBACK

Revert some changes of bead24b7f3dff5a1fe8bcd283eccb7b654495b3e
which incorrectly removed wait_until_count_sessions.inc from xa.test.
This test relies on having fully disconnected sessions with prepared XA
transactions before progressing with the test. I.e., the prepared
transaction must be made fully recoverable before the test progresses to
try and XA COMMIT/ROLLBACK the transaction.

Signed-off-by: Brandon Nesterenko <[email protected]>
Vladislav Vaintroub
MDEV-40242 Fix Infer NULLPTR_DEREFERENCE reports in tests

Infer flagged several test/unittest sites that dereference the result of
an allocation (or an allocating helper) without checking it for NULL:

- tests/async_queries.c: fatal() calls exit() but was not marked
  noreturn, so Infer assumed add_query() continued past the
  "if (!e || !q2) fatal(...)" guard. Mark fatal() ATTRIBUTE_NORETURN.
- tests/mysql_client_test.c: add the usual check_stmt() after
  mysql_stmt_init() in test_bug16143, test_bug16144 and test_bug38486.
- unittest/json_lib/json_normalize-t.c: check init_dynamic_string().
- unittest/mysys/bitmap-t.c: check my_bitmap_init().
- unittest/mysys/ma_dyncol-t.c: check the val/upd/res malloc()s.
- unittest/mysys/thr_template.c: replace assert(threads) (compiled out
  under NDEBUG) with an unconditional check.
- unittest/sql/mf_iocache-t.cc: check the buf/buf_i/buf_o malloc()s.

Test-only changes; on allocation failure the tests now abort cleanly
via BAIL_OUT() instead of dereferencing NULL.
PranavKTiwari
MDEV-40167: GTT created with the InnoDB incorrectly accept FULLTEXT/VECTOR indexes
Problem:
GLOBAL TEMPORARY tables were not subject to the same option/index restrictions as session TEMPORARY tables. Several InnoDB and server-layer checks tested only tmp_table(), so GLOBAL TEMPORARY tables could bypass validation for VECTOR/FULLTEXT indexes, DATA DIRECTORY, KEY_BLOCK_SIZE, and ROW_FORMAT=COMPRESSED.

Cause:
global_tmp_table() was added as a separate predicate from tmp_table(), but not all temp-table checks were updated to test both, so GLOBAL TEMPORARY tables fell through to "permanent table" logic in several places.

Fix:
Added global_tmp_table() alongside tmp_table() at each affected check:

Reject VECTOR and FULLTEXT indexes on GLOBAL TEMPORARY tables.
Reject/warn on DATA DIRECTORY, KEY_BLOCK_SIZE, and ROW_FORMAT=COMPRESSED for GLOBAL TEMPORARY tables, with accurate wording in the DATA DIRECTORY warning.
Fixed zip_allowed and related ut_ad assertions to exclude GLOBAL TEMPORARY tables.
Fixed m_use_file_per_table in set_tablespace_type() to exclude GLOBAL TEMPORARY tables (also fixes m_use_data_dir).
GLOBAL TEMPORARY tables now validate the same as session TEMPORARY tables across these options.
sjaakola
MDEV-38243 Write binlog row events for changes done by cascading FK operations

This commit implements a feature which changes the handling of cascading foreign
key operations to write the changes of cascading operations into binlog.
The applying of such transaction, in the slave node, will apply just the binlog
events, and does not execute the actual foreign key cascade operation.
This will simplify the slave side replication applying and make it more predictable
in terms of potential interference with other parallel applying happning
in the node.

This feature can be turned ON/OFF by new variable:
rpl_use_binlog_events_for_fk_cascade, with default value OFF

The actual implementation is largely by windsurf.

The commit has also mtr tests for testing rpl_use_binlog_events_for_fk_cascade
feature:  rpl.rpl_fk_cascade_binlog_row, rpl.rpl_fk_set_null_binlog_row and
rpl.fk_cascade_binlog_row_rollback
Thirunarayanan Balathandayuthapani
MDEV-27569  Valgrind/MSAN errors in ha_partition::swap_blobs() for BLOB not in secondary index

Problem:
=======
On a partitioned table containing a BLOB/TEXT column, an ordered
index scan calls ha_partition::swap_blobs() for every buffered
row, because it is being called only when table has blob fields.

When the buffered row comes from a secondary index that does not
cover the blob (e.g. KEY(f2) on (f2,f1)), InnoDB's
row_sel_store_mysql_rec() populates only the templated columns.
The blob column's null bit and its value-pointer bytes in
table->record[0] are left uninitialized. The partition handler
memcpy() this record into rec_buf, then swap_blobs() evaluates
blob->is_null(), reading the uninitialized null bit leads to
"use-of-uninitialized-value".

Solution:
=========
row_sel_store_mysql_rec(): When the record is being stored
from a secondary index, seed the NULL bitmap of mysql_rec
from prebuilt->default_rec before populating the templated columns.
Columns present in the index template have their NULL bit rewritten
explicitly while the row is stored, so only the columns absent from
the template (the uncovered blob) rely on this seed.
default_rec marks such nullable columns as NULL and preserves the
reserved NULL bit, so the uncovered blob is now defined as NULL.

Because of this, ha_partition::swap_blobs() skips it via its
"!bitmap_is_set(read_set) || blob->is_null()" guard and
never calls Field_blob::cached()/get_ptr(). This avoids not
only the uninitialized null-bit read and the follow-on
uninitialized blob value-pointer read.
PranavKTiwari
Added code change.
Thirunarayanan Balathandayuthapani
MDEV-40085  TRUNCATE of temporary table with ENCRYPTED=NO crashes under innodb_encrypt_tables=FORCE

Problem:
=========
ha_innobase::truncate() recreates the table by calling
ha_innobase::create(). create_table_info_t::check_table_options()
rejects ENCRYPTED=NO when innodb_encrypt_tables=FORCE, which is the
rule that forbids creating a new unencrypted table under FORCE.

TRUNCATE therefore failed in create(). For a temporary table,
truncate() frees m_prebuilt before calling create(). If the create()
fails and left m_prebuilt=nullptr and a subsequent
ha_innobase::reset()/update_thd() dereferenced it.

Solution:
========
check_table_options(): skip the innodb_encrypt_tables=FORCE check on
the internal recreate path (indicated by a non-null m_trx,
which is set only during truncate()). This applies to non-temporary
table also.

ha_innobase::truncate(): validate the create options before dropping
the existing table. Any genuine validation failure
(missing encryption key, unsupported option combination etc)
now returns an error with the original table and m_prebuilt
left intact, instead of dropping the table and then
failing in create()
Thirunarayanan Balathandayuthapani
MDEV-27569  Valgrind/MSAN errors in ha_partition::swap_blobs() for BLOB not in secondary index

Problem:
=======
On a partitioned table containing a BLOB/TEXT column, an ordered
index scan calls ha_partition::swap_blobs() for every buffered
row, because it is being called only when table has blob fields.

When the buffered row comes from a secondary index that does not
cover the blob (e.g. KEY(f2) on (f2,f1)), InnoDB's
row_sel_store_mysql_rec() populates only the templated columns.
The blob column's null bit and its value-pointer bytes in
table->record[0] are left uninitialized. The partition handler
memcpy() this record into rec_buf, then swap_blobs() evaluates
blob->is_null(), reading the uninitialized null bit leads to
"use-of-uninitialized-value".

Solution:
=========
row_sel_store_mysql_rec(): When the record is being stored
from a secondary index, seed the NULL bitmap of mysql_rec
from prebuilt->default_rec before populating the templated columns.
Columns present in the index template have their NULL bit rewritten
explicitly while the row is stored, so only the columns absent from
the template (the uncovered blob) rely on this seed.
default_rec marks such nullable columns as NULL and preserves the
reserved NULL bit, so the uncovered blob is now defined as NULL.

Because of this, ha_partition::swap_blobs() skips it via its
"!bitmap_is_set(read_set) || blob->is_null()" guard and
never calls Field_blob::cached()/get_ptr(). This avoids not
only the uninitialized null-bit read and the follow-on
uninitialized blob value-pointer read.
Sergei Golubchik
fix plugins.feedback_os_release failure on sles-1600

just the comment at the beginning of its /etc/os-release
is already more than 256 bytes
diego dupin
Update CI configuration for server test suite

Correct ps protocol parameter
  • cc-x-codbc-windows: 'dojob pwd if '3.4' == '3.4' ls win32/test SET TEST_DSN=master SET TEST_DRIVER=master SET TEST_PORT=3306 SET TEST_SCHEMA=odbcmaster if '3.4' == '3.4' cd win32/test if '3.4' == '3.4' ctest --output-on-failure' failed -  stdio
Alessandro Vetere
MDEV-40210 Redundant CAS in async_flush_lsn::try_clear_if_at_most()

MDEV-39600 added try_clear_if_at_most() to clear buf_flush_async_lsn with
an atomic CAS that preserves a concurrent bump(). If the snapshot is
already 0, compare_exchange_strong(0, 0) is a no-op, so return early on a
zero snapshot and avoid the atomic read-modify-write. The page cleaner
calls this on every pass, so in the common steady state (no async flush
queued) it drops needless exclusive access to the m_lsn cache line. A zero
value is already the cleared state and a concurrent bump() is preserved
either way, so the result is identical.
Vladislav Vaintroub
MDEV-40243 Fix Infer MEMORY_LEAK_C leaks in mysqldump/mysqlshow

Infer reported MEMORY_LEAK_C at several client sites. Fix the genuine leaks:

client/mysqldump.c (dump_events_for_db): event_list_res (and, on the inner
paths, event_res) were leaked on the error DBUG_RETURN(1) paths
(switch_character_set_results, SHOW CREATE EVENT failure, create_delimiter,
switch_db_collation, restore_db_collation). Route those paths through a
single "err:" cleanup label that frees both results (event_res is kept NULL
outside the inner loop so the shared cleanup is safe) and also restores the
session state (results charset, and UNLOCK TABLES when locking) like the
normal exit does.

client/mysqlshow.c (list_fields): when --keys is given, the columns result
set was overwritten by the "show keys" result without being freed. Free it
before running the keys query, and NULL the pointer so it cannot dangle if
that query fails.

The client/mysqltest.cc reports are false positives (do_save_master_pos only
leaves the result unfreed right before a noreturn die(); read_stmt_results
frees on every path), so no change is needed there.
Vladislav Vaintroub
MDEV-40243 Fix leak and NULL-deref in mysqldump dump_all_servers()

The SHOW CREATE SERVER dumping loop added by MDEV-34716 has two defects:

- When "show create server <name>" fails, the function returned without
  freeing the outer "SELECT Server_name FROM mysql.servers" result
  (tableres), leaking it (Infer MEMORY_LEAK_C).

- The result of that query was used without checking: "row=
  mysql_fetch_row(serverres); row[1]+= 14;" dereferences a NULL row (and
  assumes >= 2 columns). If the result is empty -- e.g. the server was
  dropped between the two queries, or is not visible -- mysqldump crashes.

Free tableres on the error return, and validate the SHOW CREATE SERVER
result (non-NULL row and at least two columns) before use, freeing both
results on failure.

This code path exists since MDEV-34716
diego dupin
Update CI workflow to correct ps-protocol tests
PranavKTiwari
MDEV-40167: GTT created with the InnoDB incorrectly accept FULLTEXT/VECTOR indexes
Problem:
GLOBAL TEMPORARY tables were not subject to the same option/index restrictions as session TEMPORARY tables. Several InnoDB and server-layer checks tested only tmp_table(), so GLOBAL TEMPORARY tables could bypass validation for VECTOR/FULLTEXT indexes, DATA DIRECTORY, KEY_BLOCK_SIZE, and ROW_FORMAT=COMPRESSED.

Cause:
global_tmp_table() was added as a separate predicate from tmp_table(), but not all temp-table checks were updated to test both, so GLOBAL TEMPORARY tables fell through to "permanent table" logic in several places.

Fix:
Added global_tmp_table() alongside tmp_table() at each affected check:

Reject VECTOR and FULLTEXT indexes on GLOBAL TEMPORARY tables.
Reject/warn on DATA DIRECTORY, KEY_BLOCK_SIZE, and ROW_FORMAT=COMPRESSED for GLOBAL TEMPORARY tables, with accurate wording in the DATA DIRECTORY warning.
Fixed zip_allowed and related ut_ad assertions to exclude GLOBAL TEMPORARY tables.
Fixed m_use_file_per_table in set_tablespace_type() to exclude GLOBAL TEMPORARY tables (also fixes m_use_data_dir).
GLOBAL TEMPORARY tables now validate the same as session TEMPORARY tables across these options.
Marko Mäkelä
Merge 11.4 into 11.8
Alexander Barkov
MDEV-39587 Package-wide TYPE for variable declarations

SET sql_mode=ORACLE;
DELIMITER $$
CREATE OR REPLACE PACKAGE pkg AS
  -- Declare a package public data type
  TYPE varchar_array IS TABLE OF VARCHAR(2000) INDEX BY INTEGER;
END;
$$
DELIMITER ;
DELIMITER $$

CREATE OR REPLACE PROCEDURE p1 AS
  v pkg.varchar_array; -- Use the package public data type
BEGIN
  v(0):='test';
  SELECT v(0);
END;
$$
DELIMITER ;

Note, the change is done only for sql_mode=ORACLE, because the TYPE
declaration is not available for the default mode.

Where package-wide types are available
--------------------------------------
- Variabe list type:
    DECLARE var pkg1.type1;

- RETURN type for a package routine:
    CREATE FUNCTION .. RETURN pkg1.type1 ...

- Parameter type for a package routine:
    PROCEDURE p1(param1 pkg1.type1);

- Assoc array element type:
    TYPE assoc1_t IS TABLE OF pkg1.type1 ...

- REF CURSOR RETURN type:
    TYPE cur1_t IS REF CURSOR RETURN pkg1.type1;

Change details
--------------

- Adding a member Lex_length_and_dec_st::m_foreign_module_type
  It's set to true when the data type was initialized from a TYPE
  in foreign routine (e.g. in PACKAGE spec).
  It's needed to prevent use of qualified identifiers in public contexts,
  i.e. in schema public routine parameter types and schema publuc function
  RETURN types.
  Adding a helper method sp_head::check_applicability() which prevents
  use of qualified types in public context.

- Adding a helper method sp_head::raise_unknown_data_type().

- Adding methods LEX::set_field_type_typedef_package_spec() for
  2-step and 3-step qualified indentifiers.
  It's used in field_type_all_with_typedefs which covers cases:
  - Variabe list type        : DECLARE var pkg1.type1;
  - RETURN type              : CREATE FUNCTION .. RETURN pkg1.type1 ...
  - Parameter type          : PROCEDURE p1(param1 pkg1.type1);
  - Assoc array element type : TYPE assoc1_t IS TABLE OF pkg1.type1 ...

- Adding a method LEX::declare_type_ref_cursor_return_typedef().
  It handles cases when a new TYPE REF CURSOR RETURN is declared,
  for both for qualified RETURN types and non-qualified RETURN types:
  - TYPE cur0_t IS REF CURSOR RETURN rec1_t;
  - TYPE cur0_t IS REF CURSOR RETURN pkg1.rec1_t;
  - TYPE cur0_t IS REF CURSOR RETURN db1.pkg1.rec1_t;

  The code was moved from LEX::declare_type_ref_cursor() into
  LEX::declare_type_ref_cursor_return_typedef() and extended
  to cover qualified RETURN types.

- Adding a method Sql_path::find_package_spec_type().
  It iterates through all schemas specified in @@path and searches
  for the given type in the given package.

- Adding a helper method sp_pcontext::type_defs_add_ref_cursor()
  to reuse the code.

- Adding a new method sp_package::get_typedef() to search
  for TYPE definitions in PACKAGE specifications.

- Adding a new method sp_head::get_typedef_package_spec()
  to search for TYPE definitions used by a PROCEDURE or FUNCTION.

- Adding a helper method
    Sp_handler::sp_cache_routine_reentrant_suppress_errors
  Adding a method Sp_handler::find_package_spec().
sjaakola
MDEV-39681 delayed BF aborting with multi master load

Reason for the hanging, and occasional crashes turned out
to be orphaned innodb lock wait request of a BF aborted
local transaction, which had arrived in commit stage.

Reason is that wsrep BF-abort marks a transaction a deadlock
victim out-of-band, so (unlike native deadlock resolution)
the victim can still own a live LOCK_WAIT request;
if that orphaned waiter survives into commit/rollback,
another transaction granting it calls lock_wait_end() cross-thread
and corrupts the victim's state — surfacing as the lock_wait_end,
que_thr_step, and rollback_finish assertions.

This commit has fixes for claering lock wait status of BF aborted
transactions.

Commit has also a new mtr test: galera.galera_bf_abort_orphan_lock
to work as regression test for the fix.
Vladislav Vaintroub
MDEV-40214 Suppress false-positive Infer MEMORY_LEAK_C in mysql_client_test.c

The MEMORY_LEAK_C reports in this file are false positives. Real leaks are
reported by ASAN, which we run regularly. Suppress the leak checker for the
file with the documented @infer-ignore-every directive.
Daniel Black
MDEV-39829/MDEV-33532 s3.debug test failure

MDEV-39516 corrected the interface with curl particularly around
passing options.

After this the s3.debug actually enabled curl debugging like is
was meant to. With this enabled, there are addition s3_test_ pattens
in the result file, from the error log where curl correctly provide
debug message.

ps-protocol test also failed under MDEV-33532 where a differnet
number of entries was recored.

Correct variations by using the $database/$table rather than just the
s3_test_ pattern.

As the purpose of this test is to check if s3_debug is dynamic, the
second part of the test searches for a previously, under s3_debug=1,
table t2 interaction, where the results should be NOT_FOUND.

Remove count from the result file to allow for different curl versions
and the possibiliy of being run under ps-protocol.
Thirunarayanan Balathandayuthapani
MDEV-27569  Valgrind/MSAN errors in ha_partition::swap_blobs() for BLOB not in secondary index

Problem:
=======
On a partitioned table containing a BLOB/TEXT column, an ordered
index scan calls ha_partition::swap_blobs() for every buffered
row, because it is being called only when table has blob fields.

When the buffered row comes from a secondary index that does not
cover the blob (e.g. KEY(f2) on (f2,f1)), InnoDB's
row_sel_store_mysql_rec() populates only the templated columns.
The blob column's null bit and its value-pointer bytes in
table->record[0] are left uninitialized. The partition handler
memcpy() this record into rec_buf, then swap_blobs() evaluates
blob->is_null(), reading the uninitialized null bit leads to
"use-of-uninitialized-value".

Solution:
=========
row_sel_store_mysql_rec(): When the record is being stored
from a secondary index, seed the NULL bitmap of mysql_rec
from prebuilt->default_rec before populating the templated columns.
Columns present in the index template have their NULL bit rewritten
explicitly while the row is stored, so only the columns absent from
the template (the uncovered blob) rely on this seed.
default_rec marks such nullable columns as NULL and preserves the
reserved NULL bit, so the uncovered blob is now defined as NULL.

Because of this, ha_partition::swap_blobs() skips it via its
"!bitmap_is_set(read_set) || blob->is_null()" guard and
never calls Field_blob::cached()/get_ptr(). This avoids not
only the uninitialized null-bit read and the follow-on
uninitialized blob value-pointer read.
Marko Mäkelä
Merge 10.11 into 11.4
Brandon Nesterenko
MDEV-39302: main.xa wrong errno ER_XAER_NOTA instead of ER_XA_RBROLLBACK

When a session has a prepared an XA transaction (via XA PREPARE), if it
is not yet finalized (via XA COMMIT / ROLLBACK) when the session
disconnects, there is cleanup logic by the disconnecting session to put
this hanging transaction into a recoverable state. The main.xa test
follows a pattern where it disconnects these transactions, but doesn't
wait for the session to finalize before it tries to finalize these
transactions. If the transaction hasn't yet been put into a recoverable
state, when the test tries to XA COMMIT or XA ROLLBACK the transaction,
it results in the error:

mysqltest: At line 831: query 'xa commit 'c:foo'' failed: ER_XAER_NOTA (1397): XAER_NOTA: Unknown XID

The test is fixed by waiting for the XA PREPARE'ing session
to finalize and be disconnected before trying to recover/commit/rollback
it.

Signed-off-by: Brandon Nesterenko <[email protected]>
Daniel Black
spelling correction: support-files/wsrep.cnf.sh

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Yuchen Pei
MDEV-39558 Check resulting VECTOR length in type aggregation inference

VECTOR, as a subtype of VARCHAR, has max length 65532, i.e. maximum
dimension of 16383. BLOB/MEDIUMBLOB/LONGBLOB (and corresponding TEXT
types) each has length exceeding 65532. Therefore, when aggregating
VECTOR with one of these BLOB/TEXT types, the aggregated type has
length exceeding the max length of VECTOR, which should result in an
error.

To that end, in this patch we add checks on the resulting vector
length during type aggregation inference
Daniel Black
MDEV-28404 JSON functions don't respect KILL QUERY

Or max_statement_time limit or MAX_DEPTH.

Correct interuptability and depth checking of:
* JSON_CONTAINS
* JSON_CONTAINS_PATH
* JSON_EXISTS
* JSON_EXTRACT
* JSON_KEYS
* ST_GeomFromGeoJSON

Populate in the json library the killed as a specific
error message. As the json library has a killed_ptr
is approprate it handles it.

As json_report_error now processes the killed there's
no need of thd->check_killed().

Verified that the path after every json_scan_next, the
location of checking the killed_ptr, reports errors
correctly.
Alessandro Vetere
MDEV-40128 Use per-cell latch in lock_move_reorganize_page()

lock_move_reorganize_page() was acquiring lock_sys.latch in exclusive
mode (via LockMutexGuard) for the entire body of phase 2 (lock chain
iteration, bitmap reset, and lock_rec_add_to_queue() calls). The
function however only touches record locks belonging to a single page,
which all live in a single lock_sys.rec_hash cell. Holding that cell
latch in exclusive mode via LockGuard is sufficient:

- The cell latch protects the cell's lock chain and the bitmaps of the
  lock_t objects in it (lock_rec_bitmap_reset and the new bit set by
  lock_rec_add_to_queue()).
- It also protects lock->type_mode, including the LOCK_WAIT bit. The
  canonical clear in lock_reset_lock_and_trx_wait() runs under the cell
  latch, and lock_grant() invokes it before taking trx->mutex, so the bit
  is cell-latch state rather than trx->mutex state. Phase 1 only clears
  the bit and leaves trx->lock.wait_lock intact; the copy in old_locks
  keeps LOCK_WAIT and phase 2 re-adds the lock with it, so the wait
  relationship (guarded by lock_sys.wait_mutex) is preserved across the
  move. Neither trx->mutex nor wait_mutex is required here.
- Each owning trx's mutex is acquired per-iteration to protect that trx's
  trx_locks list and lock_heap during lock_rec_add_to_queue().

The global exclusive latch was over-strong: it blocked every concurrent
lock_sys.rd_lock() acquirer in lock_rec_lock() and lock_table()
server-wide for the duration of the reorganize, contributing
disproportionately to the lock_sys.latch convoy under heavy concurrency.

The TMLockGuard fast-path empty check at the top of the function is
preserved; for cells with no locks the cost is still just a TSX-elided
read.
Vladislav Vaintroub
MDEV-40243 Fix Infer MEMORY_LEAK_C leaks in mysqldump/mysqlshow

Infer reported MEMORY_LEAK_C at several client sites. Fix the genuine leaks:

client/mysqldump.c (dump_events_for_db): event_list_res (and, on the inner
paths, event_res) were leaked on the error DBUG_RETURN(1) paths
(switch_character_set_results, SHOW CREATE EVENT failure, create_delimiter,
switch_db_collation, restore_db_collation). Route those paths through a
single "err:" cleanup label that frees both results (event_res is kept NULL
outside the inner loop so the shared cleanup is safe) and also restores the
session state (results charset, and UNLOCK TABLES when locking) like the
normal exit does.

client/mysqlshow.c (list_fields): when --keys is given, the columns result
set was overwritten by the "show keys" result without being freed. Free it
before running the keys query, and NULL the pointer so it cannot dangle if
that query fails.

The client/mysqltest.cc reports are false positives (do_save_master_pos only
leaves the result unfreed right before a noreturn die(); read_stmt_results
frees on every path), so no change is needed there.
Thirunarayanan Balathandayuthapani
MDEV-40085  TRUNCATE of temporary table with ENCRYPTED=NO crashes under innodb_encrypt_tables=FORCE

Problem:
=========
ha_innobase::truncate() recreates the table by calling
ha_innobase::create(). create_table_info_t::check_table_options()
rejects ENCRYPTED=NO when innodb_encrypt_tables=FORCE, which is the
rule that forbids creating a new unencrypted table under FORCE.

TRUNCATE therefore failed in create(). For a temporary table,
truncate() frees m_prebuilt before calling create(). If the create()
fails and left m_prebuilt=nullptr and a subsequent
ha_innobase::reset()/update_thd() dereferenced it.

Solution:
========
check_table_options(): skip the innodb_encrypt_tables=FORCE check on
the internal recreate path (indicated by a non-null m_trx,
which is set only during truncate()). This applies to non-temporary
table also.

ha_innobase::truncate(): validate the create options before dropping
the existing table. Any genuine validation failure
(missing encryption key, unsupported option combination etc)
now returns an error with the original table and m_prebuilt
left intact, instead of dropping the table and then
failing in create()
Alexander Barkov
MDEV-40153 Assertion `rec->field->head()->charset == nullptr' failed in virtual bool Type_handler_row::Column_definition_prepare_stage1(THD *, MEM_ROOT *, Column_definition *, column_definition_type_t, const Column_derived_attributes *) const

The assertion in Type_handler_row::Column_definition_prepare_stage1()
erroneously assumes that the character set is implicitely defined
in a record field definition. So in crached when
- there is an explicit CHARACTER SET clause
- the data type is BLOB (implicit my_charset_bin)

Removing the assert.
Aleksey Midenkov
MDEV-39384 Comments on update_virtual_fields() modes
Daniel Black
MDEV-30518: JSON functions cannot be killed on big-endian (backport)

Backport to 10.6 without JSON_OVERLAPS

The json_engine killed_ptr was of type uchar however the enum
in the server is dependant on the architecture. On big-endian
architectures like IBM Z, retreiving a uchar* retreived the
unmodifed part of the THD->kill enum location and was always 0.

As C++11 allows enums to inherit a type, used uint32_t as the base
class of killed_state type in the server and used uint32_t in the
json library.

reload_acl_and_cache required an expression change to avoid
the compile error:
sql/sql_reload.cc:472:24: error: enumerated and non-enumerated
type in conditional expression [-Werror=enum-conversion]
  472 |  return result || (thd ? thd->killed : 0);

Added the kill_ptr assignment the following functions can be
killed:
* Item_func_json_depth::val_int
* Item_func_json_type::val_str
* Item_func_json_length::val_int

Item_func_json_array_append::val_str, check_killed() only applied
to json_error: label and not return_null.

Item_func_json_format::val_str(), corresponding to the SQL,
json_compact, json_detailed, json_loose - add debug instrumentation
for the func_json_notembedded test.

MDEV-26726 (fcd345de485f) added a json_pause_execution sync point
however the test case used debug_max_statement_time, which doesn't
exist. Fix the sync point name in the test.