Find it did not provide any possible suspect.
From the regression range assigning to the concern owner. Below is the CL --
https://chromium.googlesource.com/chromium/src/+log/4af1869e97cdf585994c422c22423f6d6fcf68ce..9be83c0490323e941cabd41da1edf5b6079a954b?pretty=fuller

Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/656b55356751d12fd8c643f927691275ef10dded

@mmoroz -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Hm, not sure I understand why this input eats so much RAM. AFAIK, randomblob has a size-in-bytes argument, so these randomblob() calls shouldn't use that much of memory.

CC'ing sqlite3 experts to know their opinion.

The individual randomblob() calls don't, but the INSERT INTO t1 SELECT FROM t1 calls are exponentially growing the database (because the INTEGER PRI* KEY is ignored), and the fuzzer uses an in-memory database.  Running those in sqlite3 against the filesystem, it creates a 771MB database through --wait 1, then the t2 INSERT doubles that, and the t1 UPDATE touches a bunch of that (I mention this because the filesystem version ends up with an additional journal factor - I don't think the in-memory database will have that duplication).

Thanks for the explanation shess@. I wonder if we can restrict max size during compilation. According to https://www.sqlite.org/limits.html, it seems to be possible via definition of SQLITE_MAX_PAGE_COUNT. With the maximum page size of 65536 bytes, we can use SQLITE_MAX_PAGE_COUNT = 1024, for example, to have max database size of ~64MB. Would it be fine?

https://codereview.chromium.org/2609473004

I'm not sure SQLITE_MAX_PAGE_COUNT=1024 is appropriate under using_sanitizer, because it could prevent running a reasonable Chromium build or reasonable non-fuzzer tests under a sanitizer.  I'll think about whether 16384 (up to 1G with 64k pages, but more like 16M or 64M depending on the SQLite default page size).

The fuzzer main() could run PRAGMA to restrict the size, but the fuzzing could undo that, I don't see anything offhand that could otherwise fix it while still using a representative allocation strategy (using a custom pcache or allocation pool might not lead to generally-applicable results).

Actually, I think SQLITE_MAX_PAGE_COUNT can be overridden at runtime with PRAGMA max_page_count, so maybe just calling this in the fuzzer main() is reasonable enough.

That's a valid concern, thanks for pointing this out. I've tried to use PRAGMA max_page_count, but the speed reduced significantly (from ~4500 to ~2500 execs per second). Since we don't want to lose the speed, let's harden the condition for defining that flag (.. if (use_libfuzzer || use|afl) ...).

Also I've increased the value to 16384: https://codereview.chromium.org/2609473004

ClusterFuzz testcase 6381137577639936 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/927053fa078035ee9bea31ef77184ccbe8001745

commit 927053fa078035ee9bea31ef77184ccbe8001745
Author: mmoroz <mmoroz@chromium.org>
Date: Fri Apr 28 14:10:22 2017

[sqlite3] Limit max number of memory pages for fuzzing builds.

R=shess@chromium.org
BUG= 675446 

Review-Url: https://codereview.chromium.org/2609473004
Cr-Commit-Position: refs/heads/master@{#467984}

[modify] https://crrev.com/927053fa078035ee9bea31ef77184ccbe8001745/third_party/sqlite/BUILD.gn