Details
Bug
Status: In Testing
Major
Resolution: Unresolved
2026-planning
Description
MariaDB server crashes with signal 11 (segmentation fault) when executing an INSERT INTO a ColumnStore table that SELECTs from JSON_TABLE() combined with a NOT EXISTS subquery against the same ColumnStore table.
The crash occurs in ha_columnstore.so within the processFrom() function.
Reproduced on
| MariaDB Server | ColumnStore Plugin | OS |
|---|---|---|
| 10.6.25 | ha_columnstore.so | Ubuntu 22.04 (x86_64) |
| 11.4.8 | ha_columnstore.so | Ubuntu 24.04 (x86_64) |
| 11.8.6 | 25.10.3 (build 110806.0, ha_columnstore.so 1.15) | Ubuntu 24.04 (x86_64) |
Minimal reproducer
```sql
CREATE TABLE test_cs (id INT, name VARCHAR(100)) ENGINE=ColumnStore;
INSERT INTO test_cs VALUES (1, 'existing');

-- This crashes the server:
INSERT INTO test_cs
SELECT jt.* FROM JSON_TABLE(
  '[{"id": 2, "name": "new"}]',
  '$[*]' COLUMNS (
    id INT PATH '$.id',
    name VARCHAR(100) PATH '$.name'
  )
) AS jt
WHERE NOT EXISTS (
  SELECT 1 FROM test_cs t WHERE t.id = jt.id
);
```
Crash location
The crash occurs in ha_columnstore.so in the processFrom() function when the ColumnStore query planner
(CalpontSelectExecutionPlan) attempts to handle JSON_TABLE as a table source within a NOT EXISTS subquery.
Stack trace from 11.4.8:
```
/usr/lib/mysql/plugin/ha_columnstore.so(_ZN11cal_impl_if11processFromERbR13st_select_lexRNS_12gp_walk_infoERN5boost10shared_ptrIN8execplan26CalpontSelectExecutionPlanEEEbb+0x114b)
/usr/lib/mysql/plugin/ha_columnstore.so(_ZN11cal_impl_if13getSelectPlanERNS_12gp_walk_infoER13st_select_lexRN5boost10shared_ptrIN8execplan26CalpontSelectExecutionPlanEEEbbbRKSt6vectorIP4ItemSaISC_EE+0x140)
/usr/lib/mysql/plugin/ha_columnstore.so(_ZN11cal_impl_if18cs_get_select_planEP29ha_columnstore_select_handlerP3THDRN5boost10shared_ptrIN8execplan26CalpontSelectExecutionPlanEEERNS_12gp_walk_infoEb+0xe2)
/usr/lib/mysql/plugin/ha_columnstore.so(_Z25ha_mcs_impl_pushdown_initP16mcs_handler_infoP5TABLEb+0xd6b)
```
Stack trace from 10.6.25:
```
/usr/lib/mysql/plugin/ha_columnstore.so(_ZN11cal_impl_if10isMCSTableEP5TABLE+0x39)
/usr/lib/mysql/plugin/ha_columnstore.so(_ZN11cal_impl_if11processFromERbR13st_select_lexRNS_12gp_walk_infoERN5boost10shared_ptrIN8execplan26CalpontSelectExecutionPlanEEE+0xb0d)
/usr/lib/mysql/plugin/ha_columnstore.so(_ZN11cal_impl_if13getSelectPlanERNS_12gp_walk_infoER13st_select_lexRN5boost10shared_ptrIN8execplan26CalpontSelectExecutionPlanEEEbbRKSt6vectorIP4ItemSaISC_EE+0x11d)
/usr/lib/mysql/plugin/ha_columnstore.so(_ZN11cal_impl_if12FromSubQuery9transformEv+0x24b)
```
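To triage a crash from a server error log against this report, the backtrace frames can be parsed and compared with the ones shown above. This is an added example, not part of the original report or of MariaDB's code; the function names and the matching rule (`processFrom` within the top two frames, called from `getSelectPlan`) are assumptions chosen to fit the two traces on this page.

```python
import os
import re

# One frame as printed in the traces above: /path/module.so(mangled_symbol+0xoffset)
FRAME_RE = re.compile(r"(\S+)\(([^+()\s]+)\+0x([0-9a-fA-F]+)\)")

def qualified_name(mangled):
    """Leading name of an Itanium-ABI symbol (_ZN<len><id>...E or _Z<len><id>); argument types ignored."""
    if not mangled.startswith("_Z"):
        return mangled
    nested = mangled.startswith("_ZN")
    pos, parts = (3 if nested else 2), []
    while pos < len(mangled) and mangled[pos].isdigit():
        end = pos
        while end < len(mangled) and mangled[end].isdigit():
            end += 1
        length = int(mangled[pos:end])          # decimal length prefix of the identifier
        parts.append(mangled[end:end + length])
        pos = end + length
        if not nested:                          # plain function: a single identifier
            break
    return "::".join(parts) if parts else mangled

def parse_backtrace(text):
    """Return [(module, function, offset)] for every frame line found in text."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.search(line)
        if m:
            frames.append((os.path.basename(m.group(1)), qualified_name(m.group(2)), int(m.group(3), 16)))
    return frames

def matches_signature(frames, depth=2):
    """Assumed rule: processFrom within the top `depth` frames, called from getSelectPlan."""
    for i, (module, func, _) in enumerate(frames[:depth]):
        if module == "ha_columnstore.so" and func == "cal_impl_if::processFrom":
            return i + 1 < len(frames) and frames[i + 1][1] == "cal_impl_if::getSelectPlan"
    return False

# Top three frames of the 10.6.25 trace above, with the wrapped lines rejoined.
TRACE_10_6 = """\
/usr/lib/mysql/plugin/ha_columnstore.so(_ZN11cal_impl_if10isMCSTableEP5TABLE+0x39)
/usr/lib/mysql/plugin/ha_columnstore.so(_ZN11cal_impl_if11processFromERbR13st_select_lexRNS_12gp_walk_infoERN5boost10shared_ptrIN8execplan26CalpontSelectExecutionPlanEEE+0xb0d)
/usr/lib/mysql/plugin/ha_columnstore.so(_ZN11cal_impl_if13getSelectPlanERNS_12gp_walk_infoER13st_select_lexRN5boost10shared_ptrIN8execplan26CalpontSelectExecutionPlanEEEbbRKSt6vectorIP4ItemSaISC_EE+0x11d)
"""

if __name__ == "__main__":
    print(parse_backtrace(TRACE_10_6), matches_signature(parse_backtrace(TRACE_10_6)))
```
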
Impact
This crash kills the entire MariaDB server process, affecting all connections. It is triggered by a common
Relevant settings
columnstore_select_handler = ON
columnstore_select_handler_in_stored_procedures = ON