Null-dereference READ in sqlite3BtreeDelete
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5115707811168256

Fuzzer: libFuzzer_sqlite3_lpm_fuzzer
Fuzz target binary: sqlite3_lpm_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  sqlite3BtreeDelete
  sqlite3VdbeExec
  sqlite3Step

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=615335:615343

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5115707811168256

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Dec 12
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Dec 12
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
Dec 12
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/7d3def8575ecd2e5e2e7ab7f585961206007bd25 (Adds LPM-based SQLite fuzzer). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Dec 13

Dec 16
Jan 13
I suspect this is a duplicate of Issue 914507 and will be fixed by backporting https://www.sqlite.org/src/info/e35eb8776ed539af

Queries:

    CREATE TABLE Table0 (Col0 INTEGER PRIMARY KEY ON CONFLICT REPLACE , FOREIGN KEY (Col0) REFERENCES Table0 ) ;
    CREATE INDEX Index0 ON Table0(Col0 );
    INSERT INTO Table0 VALUES (1) ;

Stack trace:

    ==646845==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f53a2e08a77 bp 0x7fff9cd881b0 sp 0x7fff9cd880a0 T0)
    ==646845==The signal is caused by a READ memory access.
    ==646845==Hint: address points to the zero page.
    SCARINESS: 10 (null-deref)
        #0 0x7f53a2e08a76 in sqlite3BtreeDelete third_party/sqlite/amalgamation/sqlite3.c:71638:11
        #1 0x7f53a2df4686 in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:87825:8
        #2 0x7f53a2d864dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81427:10
        #3 0x7f53a2d7c64a in sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81490:16
        #4 0x5584df7d4252 in sql_fuzzer::RunSqlQueriesOnConnection(sqlite3*, std::__Cr::vector<std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> >, std::__Cr::allocator<std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> > > >) third_party/sqlite/fuzz/sql_run_queries.cc:120:12
        #5 0x5584df7d4aab in sql_fuzzer::RunSqlQueries(std::__Cr::vector<std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> >, std::__Cr::allocator<std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> > > >) third_party/sqlite/fuzz/sql_run_queries.cc:160:3
        #6 0x5584df7a0023 in TestOneProtoInput(sql_query_grammar::SQLQueries const&) third_party/sqlite/fuzz/sql_fuzzer.cc:56:3
        #7 0x5584df79fc03 in LLVMFuzzerTestOneInput third_party/sqlite/fuzz/sql_fuzzer.cc:37:1
Jan 15
ClusterFuzz has detected this issue as fixed in range 622610:622639.

Detailed report: https://clusterfuzz.com/testcase?key=5115707811168256

Fuzzer: libFuzzer_sqlite3_lpm_fuzzer
Fuzz target binary: sqlite3_lpm_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  sqlite3BtreeDelete
  sqlite3VdbeExec
  sqlite3Step

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=615335:615343
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=622610:622639

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5115707811168256

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 15
ClusterFuzz testcase 5115707811168256 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Dec 12