Strange NoClassDefFoundError triggered by Jazzer in oss-fuzz

[centic9]

Lately we enhanced fuzzing of Apache POI as part of oss-fuzz to trigger much more of the code.

Now oss-fuzz did reported seeing an unexpected exception as follows

== Java Exception: java.lang.NoClassDefFoundError: Could not initialize class org.apache.poi.ss.format.CellFormat
 at org.apache.poi.ss.usermodel.DataFormatter.getFormat(DataFormatter.java:401)
 at org.apache.poi.ss.usermodel.DataFormatter.getFormat(DataFormatter.java:362)
 at org.apache.poi.ss.usermodel.DataFormatter.getFormattedNumberString(DataFormatter.java:957)
 at org.apache.poi.ss.usermodel.DataFormatter.formatCellValue(DataFormatter.java:1137)
 at org.apache.poi.ss.usermodel.DataFormatter.formatCellValue(DataFormatter.java:1076)
 at org.apache.poi.ss.usermodel.DataFormatter.formatCellValue(DataFormatter.java:1053)
 at org.apache.poi.hssf.extractor.ExcelExtractor.getText(ExcelExtractor.java:324)
 at org.apache.poi.POIFuzzer.checkExtractor(POIFuzzer.java:127)
 at org.apache.poi.POIHSSFFuzzer.fuzzerTestOneInput(POIHSSFFuzzer.java:46)

This is strange, the class is part of Apache POI and should be available.

The "Could not initialize" usually indicates an exception while loading the class CellFormat, e.g. a inside a static initializer, but unfortunately Jazzer seems to not provide details here.

We also cannot reproduce the issue locally with the given reproducer-test-case.

Is there anything which could cause an issue like that when running fuzzing with Jazzer?

And is there a way to make Jazzer provide details of an exception while loading a class happens?

[fmeum]

When Jazzer fails to instrument a class, it should print the exception encountered during instrumentation as a warning. You may have to scroll up in the logs to see it.

I don't know of any other failure cases that we do not handle in this way, but that doesn't mean much (just see the comment on the code snippet I linked, we may very well be missing another way things can silently fail).

Can you share the full logs you got from OSS-Fuzz? You can also send me an email if you don't want to post them publicly.

[centic9]

Thanks for the source-link.

The problem does not reproduce outside of oss-fuzz or when running oss-fuzz locally via Docker so likely it was triggered by some hard-to-track issue when running on cloud hardware at scale.

The full output is attached, I could not see any other relevant output on a quick look:
jazzer_output.txt