Empty (0B) Testcases for Envoy Gateway Crashes on OSS-Fuzz
We are currently working on integrating fuzzing for Envoy Gateway and have encountered an issue. After integrating with OSS-Fuzz, three crashes were detected. However, the unminimized testcases for all three crashes are empty (0B).
Could anyone provide some guidance on how to reproduce these crashes?
Reference:
Crashes: https://oss-fuzz.com/testcases?fuzzer=libFuzzer_gateway_FuzzGatewayAPIToXDS
Fuzzer Source: https://github.com/envoyproxy/gateway/blob/main/test/fuzz/xds_fuzz_test.go
Acknowledgement: This work is sponsored by the Linux Foundation Mentorship program.
Hi @jonathanmetzman @AdamKorcz, can you take a look? We think this is an OSS-Fuzz issue. Every single reproducer test case has 0 bytes, but the OSS-Fuzz logs indicate the corpus seeding and mutations are working as expected.
Initial integration PR was merged last week - https://github.com/google/oss-fuzz/pull/13135
I think in this instance it's because the bug does not reliably reproduce (see the "Reliably Reproduces" field). Can you confirm if there are issues that reliably reproduce but have no reproducer data?
Hi @DavidKorczynski, you are correct, NONE of our crashes reliably reproduce.
We believe our fuzzers are completely deterministic, so that is surprising. But we can double check.
Yeah, I'm guessing this is an issue of the fuzzers randomly crashing. I'd try running them on your desktop for a few hours and see if they crash. My guess is they will.
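An added example, not code from this thread or from Envoy Gateway, of the most common way an in-process fuzz target ends up "randomly crashing" with a reproducer that does nothing: state that leaks across iterations. libFuzzer (and Go's native fuzzing) runs every input in the same process, so a crash that depends on what ran earlier is not a function of the final input, and feeding that input alone to a fresh process, which is exactly what the reproducer does, finds nothing. `LeakyTarget`, `IsolatedTarget`, the `seen` table and the corpora below are all constructed for illustration; `ResetState` stands in for a fresh process.

```go
package main

import (
	"fmt"
	"strings"
)

// maxEntries is a made-up capacity for the hypothetical "resource table".
const maxEntries = 3

// seen is package-level state, which an in-process fuzzer carries from one
// iteration to the next. Nothing in the fuzzer's saved testcase records it.
var seen = map[string]int{}

// ResetState simulates starting a fresh process (what a reproducer run gets).
func ResetState() { seen = map[string]int{} }

// run executes target on input and turns a panic into an error, so a caller
// can record which input crashed and keep going.
func run(target func([]byte), input []byte) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("harness crashed on %q: %v", input, r)
		}
	}()
	target(input)
	return nil
}

// LeakyTarget crashes once the shared table holds more than maxEntries keys.
// Whether it crashes depends on the inputs that ran before, not on this one.
func LeakyTarget(input []byte) {
	seen[string(input)]++
	if len(seen) > maxEntries {
		panic("resource table overflow")
	}
}

// IsolatedTarget applies the same rule to a table scoped to this call, so any
// crash is a pure function of the input and reproduces from the input alone.
func IsolatedTarget(input []byte) {
	local := map[string]int{}
	for _, field := range strings.Split(string(input), ",") {
		local[field]++
	}
	if len(local) > maxEntries {
		panic("resource table overflow")
	}
}

// RunCorpus feeds the corpus through target in order, like one fuzzing
// session, and returns the index of the first crashing input, or -1.
func RunCorpus(target func([]byte), corpus [][]byte) (int, error) {
	ResetState()
	for i, in := range corpus {
		if err := run(target, in); err != nil {
			return i, err
		}
	}
	return -1, nil
}

// ReproducesAlone does what the saved testcase does: fresh state, one input.
func ReproducesAlone(target func([]byte), input []byte) bool {
	ResetState()
	return run(target, input) != nil
}

func main() {
	// Constructed corpus: four distinct keys overflow the shared table.
	corpus := [][]byte{[]byte("a"), []byte("b"), []byte("c"), []byte("d")}
	i, err := RunCorpus(LeakyTarget, corpus)
	fmt.Printf("leaky: crashed at index %d (%v)\n", i, err)
	fmt.Printf("leaky: reproduces from that input alone? %v\n", ReproducesAlone(LeakyTarget, corpus[i]))

	// Constructed corpus: only the last input has more than maxEntries fields.
	corpus2 := [][]byte{[]byte("a"), []byte("b,c"), []byte("a,b,c,d")}
	j, err := RunCorpus(IsolatedTarget, corpus2)
	fmt.Printf("isolated: crashed at index %d (%v)\n", j, err)
	fmt.Printf("isolated: reproduces from that input alone? %v\n", ReproducesAlone(IsolatedTarget, corpus2[j]))
}
```

The practical check mirrors `ReproducesAlone`: when a local run of the libFuzzer binary crashes, start a fresh process with only the saved artifact as its argument. If that does not crash, the bug is in what the harness (or the code under test) keeps between iterations: package-level variables, caches, goroutines still running from an earlier input, or anything else that a single input cannot record. A target that resets or avoids such state, as `IsolatedTarget` does, is the one whose crashes OSS-Fuzz will mark as reliably reproducing.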