Analysis of a MySQL 8.0.35 Crash Bug Caused by InnoDB Assertion Failure

In this article the author, a junior DBA, describes a crash bug discovered in MySQL 8.0.35 that is triggered by an InnoDB assertion failure when a VARCHAR length exceeds the 65 535‑byte limit.

The error log shows an Assertion failure: row0mysql.cc:165:len < 256*256, followed by a SIGABRT signal. By examining the source file row0mysql.cc the failing assertion is found in the function row_mysql_store_true_var_len, which calls the macro ut_a. When the condition is false, ut_dbg_assertion_failed prints diagnostic information and invokes abort().

The article explains the ut_a macro, the ut_dbg_assertion_failed implementation, and how the abort signal (6) terminates the process. It then shows how to analyse the generated corefile with gdb, mapping the back‑trace to the offending function and revealing that the length value is the constant UNIV_MULTI_VALUE_ARRAY_MARKER (4294967292), far beyond the allowed limit.

To reproduce the bug the author creates a table with a JSON virtual column, performs a repeatable‑read transaction, updates the column in another session, and runs a query that forces InnoDB to read the undo log, causing the same assertion failure and crash.

The bug was reported to Oracle and fixed in MySQL 8.0.35 (Bug#35039937). References and further reading are provided.