Analysis of a MySQL 8.0.35 Crash Bug Caused by InnoDB Assertion Failure

In this article the author, a junior DBA, describes a crash bug discovered in MySQL 8.0.35 that is triggered by an InnoDB assertion failure when a VARCHAR length exceeds the 65 535‑byte limit.

The error log shows an Assertion failure: row0mysql.cc:165:len < 256*256 , followed by a SIGABRT signal. By examining the source file row0mysql.cc the failing assertion is found in the function row_mysql_store_true_var_len , which calls the macro ut_a . When the condition is false, ut_dbg_assertion_failed prints diagnostic information and invokes abort() .

The article explains the ut_a macro, the ut_dbg_assertion_failed implementation, and how the abort signal (6) terminates the process. It then shows how to analyse the generated corefile with gdb , mapping the back‑trace to the offending function and revealing that the length value is the constant UNIV_MULTI_VALUE_ARRAY_MARKER (4294967292), far beyond the allowed limit.

To reproduce the bug the author creates a table with a JSON virtual column, performs a repeatable‑read transaction, updates the column in another session, and runs a query that forces InnoDB to read the undo log, causing the same assertion failure and crash.

The bug was reported to Oracle and fixed in MySQL 8.0.35 (Bug#35039937). References and further reading are provided.