Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Project coverage
Per-fuzzer coverage

Table of contents

Project overview: usrsctp
High level conclusions
Reachability and coverage overview
Fuzzers overview
Project functions overview
Fuzzer details
Fuzzer: fuzzer_listen
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzzer_fragment
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzzer_connect
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzzer/fuzzer_connect.c
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzzer/fuzzer_listen.c
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzzer/fuzzer_connect.c
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzzer/fuzzer_fragment.c
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzzer/fuzzer_listen.c
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Analyses and suggestions
Optimal target analysis
Remaining optimal interesting functions
All functions overview
Fuzz engine guidance
fuzzer/fuzzer_listen.c
Dictionary
Fuzzer function priority
fuzzer/fuzzer_fragment.c
Dictionary
Fuzzer function priority
fuzzer/fuzzer_connect.c
Dictionary
Fuzzer function priority
fuzzer/fuzzer_connect.c
Dictionary
Fuzzer function priority
fuzzer/fuzzer_listen.c
Dictionary
Fuzzer function priority
fuzzer/fuzzer_connect.c
Dictionary
Fuzzer function priority
fuzzer/fuzzer_fragment.c
Dictionary
Fuzzer function priority
fuzzer/fuzzer_listen.c
Dictionary
Fuzzer function priority
Runtime coverage analysis
Complex functions with low coverage
Files and Directories in report
Files in report
Directories in report
Metadata section
Report generation date: 2025-10-10

Project overview: usrsctp

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
66.0%
594 / 896
Cyclomatic complexity statically reachable by fuzzers
89.0%
16596 / 18602
Runtime code coverage of functions
43.0%
381 / 896

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
fuzzer_listen fuzzer/fuzzer_listen.c 579 354 27 24 36512 13676 fuzzer_listen.c
fuzzer_fragment fuzzer/fuzzer_fragment.c 612 318 27 24 44157 16379 fuzzer_fragment.c
fuzzer_connect fuzzer/fuzzer_connect.c 613 318 27 24 44182 16390 fuzzer_connect.c
fuzzer/fuzzer_connect.c fuzzer/fuzzer_connect.c 611 337 27 24 44177 16386 fuzzer_connect.c
fuzzer/fuzzer_listen.c fuzzer/fuzzer_listen.c 577 373 27 24 36517 13677 fuzzer_listen.c
fuzzer/fuzzer_connect.c fuzzer/fuzzer_connect.c 632 317 27 25 44408 16475 fuzzer_connect.c
fuzzer/fuzzer_fragment.c fuzzer/fuzzer_fragment.c 611 337 27 24 44152 16376 fuzzer_fragment.c
fuzzer/fuzzer_listen.c fuzzer/fuzzer_listen.c 586 365 27 25 36566 13708 fuzzer_listen.c

Project functions overview

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzzer details

Fuzzer: fuzzer_listen

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4792 88.6%
gold [1:9] 306 5.65%
yellow [10:29] 15 0.27%
greenyellow [30:49] 14 0.25%
lawngreen 50+ 280 5.17%
All colors 5407 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
600 4445 usrsctp_setsockopt call site: 04445 sctp_do_connect_x
481 3589 sctp_process_control call site: 03589 sctp_handle_stream_reset
455 1056 sctp_lowlevel_chunk_output call site: 01056 sctp_free_assoc
348 2703 sctp_alloc_chunklist call site: 02703 sctp_handle_sack
298 1533 sctp_add_addresses_to_i_ia call site: 01533 sctp_send_sack
279 3131 sctp_inpcb_bind_locked call site: 03131 sctp_process_cookie_existing
247 318 m_copydata call site: 00318 sctp_timer_start
227 4073 sctp_common_input_processing call site: 04073 sctp_process_data
202 568 sctp_generate_cause call site: 00568 sctp_abort_an_association
196 5056 sctp_setopt call site: 05056 sctp_timer_start
118 2584 sctp_handle_init call site: 02584 sctp_handle_init_ack
87 5311 init_fuzzer call site: 05311 usrsctp_accept

Runtime coverage analysis

Covered functions
154
Functions that are reachable but not covered
429
Reachable functions
579
Percentage of reachable functions covered
25.91%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzer/fuzzer_listen.c 5
usrsctplib/user_socket.c 43
usrsctplib/netinet/sctp_usrreq.c 15
usrsctplib/user_environment.c 2
usrsctplib/netinet/sctp_sysctl.c 1
usrsctplib/netinet/sctp_pcb.c 61
usrsctplib/netinet/sctputil.c 79
usrsctplib/netinet/sctp_callout.c 7
usrsctplib/netinet/sctp_bsd_addr.c 8
usrsctplib/netinet/sctp_userspace.c 4
usrsctplib/user_environment.h 1
usrsctplib/netinet/sctp_output.c 69
usrsctplib/netinet/sctp_auth.c 53
usrsctplib/netinet/sctp_indata.c 34
usrsctplib/user_mbuf.c 30
usrsctplib/netinet/sctp_os_userspace.h 3
usrsctplib/netinet/sctp_timer.c 16
/usr/include/x86_64-linux-gnu/bits/byteswap.h 2
usrsctplib/netinet6/sctp6_usrreq.c 4
usrsctplib/netinet/sctp_sha1.c 4
usrsctplib/netinet/sctp_asconf.c 39
usrsctplib/netinet/sctp_crc32.c 7
usrsctplib/netinet/sctp_input.c 40
usrsctplib/user_recv_thread.c 7

Fuzzer: fuzzer_fragment

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 5256 82.3%
gold [1:9] 107 1.67%
yellow [10:29] 0 0.0%
greenyellow [30:49] 6 0.09%
lawngreen 50+ 1010 15.8%
All colors 6379 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
491 5869 usrsctp_sendv call site: 05869 usrsctp_getassocid
479 3594 sctp_process_control call site: 03594 sctp_handle_stream_reset
326 4443 sctp_setopt call site: 04443 sctp_do_connect_x
303 2750 sctp_process_control call site: 02750 sctp_handle_sack
242 1538 sctp_send_initiate call site: 01538 sctp_send_sack
223 3187 sctp_initialize_auth_params call site: 03187 sctp_process_cookie_existing
215 4074 sctp_common_input_processing call site: 04074 sctp_process_data
179 5060 sctp_setopt call site: 05060 sctp_timer_start
159 4797 sctp_aloc_assoc_connected call site: 04797 sctp_do_connect_x
158 374 sctp_notify_adaptation_layer call site: 00374 sctp_notify_assoc_change
109 5411 soconnect call site: 05411 sctp6_connect
87 1382 sctp_inpcb_free call site: 01382 sctp_threshold_management

Runtime coverage analysis

Covered functions
245
Functions that are reachable but not covered
381
Reachable functions
612
Percentage of reachable functions covered
37.75%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzer/fuzzer_fragment.c 4
usrsctplib/user_socket.c 49
usrsctplib/netinet/sctp_usrreq.c 22
usrsctplib/user_environment.c 2
usrsctplib/netinet/sctp_sysctl.c 1
usrsctplib/netinet/sctp_pcb.c 61
usrsctplib/netinet/sctputil.c 85
usrsctplib/netinet/sctp_callout.c 7
usrsctplib/netinet/sctp_bsd_addr.c 8
usrsctplib/netinet/sctp_userspace.c 4
usrsctplib/user_environment.h 1
usrsctplib/netinet/sctp_output.c 82
usrsctplib/netinet/sctp_auth.c 53
usrsctplib/netinet/sctp_indata.c 34
usrsctplib/user_mbuf.c 33
usrsctplib/netinet/sctp_os_userspace.h 3
usrsctplib/netinet/sctp_timer.c 16
/usr/include/x86_64-linux-gnu/bits/byteswap.h 2
usrsctplib/netinet6/sctp6_usrreq.c 5
usrsctplib/netinet/sctp_sha1.c 4
usrsctplib/netinet/sctp_asconf.c 39
usrsctplib/netinet/sctp_crc32.c 7
usrsctplib/netinet/sctp_input.c 40
usrsctplib/user_recv_thread.c 7

Fuzzer: fuzzer_connect

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4236 66.2%
gold [1:9] 217 3.39%
yellow [10:29] 153 2.39%
greenyellow [30:49] 56 0.87%
lawngreen 50+ 1733 27.0%
All colors 6395 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
491 5875 usrsctp_sendv call site: 05875 usrsctp_getassocid
249 4444 sctp_setopt call site: 04444 sctp_deact_sharedkey
179 5061 sctp_setopt call site: 05061 sctp_timer_start
170 3240 sctp_send_cookie_ack call site: 03240 sctp_process_cookie_existing
159 4798 sctp_aloc_assoc_connected call site: 04798 sctp_do_connect_x
109 5417 soconnect call site: 05417 sctp6_connect
97 2829 sctp_handle_sack call site: 02829 sctp_timer_start
84 3501 sctpconn_attach call site: 03501 sctp_move_pcb_and_assoc
76 2511 sctp_is_vtag_good call site: 02511 sctp_free_assoc
72 4961 sctp_setopt call site: 04961 sctp_dynamic_set_primary
65 5577 sctp_lower_sosend call site: 05577 sctp_sendall
63 1704 sctp_timeout_handler call site: 01704 sctp_handle_addr_wq

Runtime coverage analysis

Covered functions
368
Functions that are reachable but not covered
260
Reachable functions
613
Percentage of reachable functions covered
57.59%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzer/fuzzer_connect.c 5
usrsctplib/user_socket.c 49
usrsctplib/netinet/sctp_usrreq.c 22
usrsctplib/user_environment.c 2
usrsctplib/netinet/sctp_sysctl.c 1
usrsctplib/netinet/sctp_pcb.c 61
usrsctplib/netinet/sctputil.c 85
usrsctplib/netinet/sctp_callout.c 7
usrsctplib/netinet/sctp_bsd_addr.c 8
usrsctplib/netinet/sctp_userspace.c 4
usrsctplib/user_environment.h 1
usrsctplib/netinet/sctp_output.c 82
usrsctplib/netinet/sctp_auth.c 53
usrsctplib/netinet/sctp_indata.c 34
usrsctplib/user_mbuf.c 33
usrsctplib/netinet/sctp_os_userspace.h 3
usrsctplib/netinet/sctp_timer.c 16
/usr/include/x86_64-linux-gnu/bits/byteswap.h 2
usrsctplib/netinet6/sctp6_usrreq.c 5
usrsctplib/netinet/sctp_sha1.c 4
usrsctplib/netinet/sctp_asconf.c 39
usrsctplib/netinet/sctp_crc32.c 7
usrsctplib/netinet/sctp_input.c 40
usrsctplib/user_recv_thread.c 7

Fuzzer: fuzzer/fuzzer_connect.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4410 69.0%
gold [1:9] 177 2.77%
yellow [10:29] 92 1.44%
greenyellow [30:49] 50 0.78%
lawngreen 50+ 1658 25.9%
All colors 6387 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
507 5871 usrsctp_sendv call site: 05871 usrsctp_conninput
326 4443 sctp_setopt call site: 04443 sctp_do_connect_x
179 5060 sctp_setopt call site: 05060 sctp_timer_start
170 3240 sctp_send_cookie_ack call site: 03240 sctp_process_cookie_existing
159 4797 sctp_aloc_assoc_connected call site: 04797 sctp_do_connect_x
109 5416 soconnect call site: 05416 sctp6_connect
99 2829 sctp_handle_sack call site: 02829 sctp_timer_start
84 3501 sctpconn_attach call site: 03501 sctp_move_pcb_and_assoc
72 4960 sctp_setopt call site: 04960 sctp_dynamic_set_primary
65 5573 sctp_lower_sosend call site: 05573 sctp_sendall
63 1704 sctp_timeout_handler call site: 01704 sctp_handle_addr_wq
57 2762 sctp_express_handle_sack call site: 02762 sctp_handle_sack

Runtime coverage analysis

Covered functions
390
Functions that are reachable but not covered
243
Reachable functions
611
Percentage of reachable functions covered
60.23%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzer/fuzzer_connect.c 4
usrsctplib/user_socket.c 49
usrsctplib/netinet/sctp_usrreq.c 22
usrsctplib/user_environment.c 2
usrsctplib/netinet/sctp_sysctl.c 1
usrsctplib/netinet/sctp_pcb.c 61
usrsctplib/netinet/sctputil.c 85
usrsctplib/netinet/sctp_callout.c 7
usrsctplib/netinet/sctp_bsd_addr.c 8
usrsctplib/netinet/sctp_userspace.c 4
usrsctplib/user_environment.h 1
usrsctplib/netinet/sctp_output.c 82
usrsctplib/netinet/sctp_auth.c 53
usrsctplib/netinet/sctp_indata.c 34
usrsctplib/user_mbuf.c 33
usrsctplib/netinet/sctp_os_userspace.h 3
usrsctplib/netinet/sctp_timer.c 16
/usr/include/x86_64-linux-gnu/bits/byteswap.h 2
usrsctplib/netinet6/sctp6_usrreq.c 5
usrsctplib/netinet/sctp_sha1.c 4
usrsctplib/netinet/sctp_asconf.c 39
usrsctplib/netinet/sctp_crc32.c 7
usrsctplib/netinet/sctp_input.c 40
usrsctplib/user_recv_thread.c 7

Fuzzer: fuzzer/fuzzer_listen.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 3540 65.5%
gold [1:9] 211 3.90%
yellow [10:29] 92 1.70%
greenyellow [30:49] 50 0.92%
lawngreen 50+ 1511 27.9%
All colors 5404 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
327 4463 sctp_setopt call site: 04463 sctp_do_connect_x
179 5071 sctp_setopt call site: 05071 sctp_timer_start
170 3240 sctp_send_cookie_ack call site: 03240 sctp_process_cookie_existing
159 4808 sctp_aloc_assoc_connected call site: 04808 sctp_do_connect_x
99 2829 sctp_handle_sack call site: 02829 sctp_timer_start
84 3501 sctpconn_attach call site: 03501 sctp_move_pcb_and_assoc
72 4971 sctp_setopt call site: 04971 sctp_dynamic_set_primary
70 5309 init_fuzzer call site: 05309 usrsctp_accept
63 1704 sctp_timeout_handler call site: 01704 sctp_handle_addr_wq
57 2762 sctp_express_handle_sack call site: 02762 sctp_handle_sack
54 868 sctp_source_address_selection call site: 00868 sctp_choose_boundall
54 1538 sctp_send_initiate call site: 01538 sctp_send_sack

Runtime coverage analysis

Covered functions
390
Functions that are reachable but not covered
220
Reachable functions
577
Percentage of reachable functions covered
61.87%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzer/fuzzer_listen.c 4
usrsctplib/user_socket.c 43
usrsctplib/netinet/sctp_usrreq.c 15
usrsctplib/user_environment.c 2
usrsctplib/netinet/sctp_sysctl.c 1
usrsctplib/netinet/sctp_pcb.c 61
usrsctplib/netinet/sctputil.c 79
usrsctplib/netinet/sctp_callout.c 7
usrsctplib/netinet/sctp_bsd_addr.c 8
usrsctplib/netinet/sctp_userspace.c 4
usrsctplib/user_environment.h 1
usrsctplib/netinet/sctp_output.c 69
usrsctplib/netinet/sctp_auth.c 53
usrsctplib/netinet/sctp_indata.c 34
usrsctplib/user_mbuf.c 30
usrsctplib/netinet/sctp_os_userspace.h 3
usrsctplib/netinet/sctp_timer.c 16
/usr/include/x86_64-linux-gnu/bits/byteswap.h 2
usrsctplib/netinet6/sctp6_usrreq.c 4
usrsctplib/netinet/sctp_sha1.c 4
usrsctplib/netinet/sctp_asconf.c 39
usrsctplib/netinet/sctp_crc32.c 7
usrsctplib/netinet/sctp_input.c 40
usrsctplib/user_recv_thread.c 7

Fuzzer: fuzzer/fuzzer_connect.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4525 69.5%
gold [1:9] 177 2.72%
yellow [10:29] 92 1.41%
greenyellow [30:49] 50 0.76%
lawngreen 50+ 1660 25.5%
All colors 6504 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
516 5979 usrsctp_sendv call site: 05979 usrsctp_conninput
326 4465 sctp_setopt call site: 04465 sctp_do_connect_x
179 5082 sctp_setopt call site: 05082 sctp_timer_start
170 3246 sctp_send_cookie_ack call site: 03246 sctp_process_cookie_existing
159 4819 sctp_aloc_assoc_connected call site: 04819 sctp_do_connect_x
109 5519 soconnect call site: 05519 sctp6_connect
99 2835 sctp_handle_sack call site: 02835 sctp_timer_start
84 3507 sctpconn_attach call site: 03507 sctp_move_pcb_and_assoc
83 5431 usrsctp_recvv call site: 05431 usrsctp_connect
72 4982 sctp_setopt call site: 04982 sctp_dynamic_set_primary
65 5681 sctp_lower_sosend call site: 05681 sctp_sendall
63 1710 sctp_timeout_handler call site: 01710 sctp_handle_addr_wq

Runtime coverage analysis

Covered functions
390
Functions that are reachable but not covered
263
Reachable functions
632
Percentage of reachable functions covered
58.39%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzer/fuzzer_connect.c 5
programs/programs_helper.c 11
usrsctplib/user_socket.c 51
usrsctplib/netinet/sctp_usrreq.c 22
usrsctplib/user_environment.c 2
usrsctplib/netinet/sctp_sysctl.c 1
usrsctplib/netinet/sctp_pcb.c 61
usrsctplib/netinet/sctputil.c 85
usrsctplib/netinet/sctp_callout.c 7
usrsctplib/netinet/sctp_bsd_addr.c 8
usrsctplib/netinet/sctp_userspace.c 4
usrsctplib/user_environment.h 1
usrsctplib/netinet/sctp_output.c 82
usrsctplib/netinet/sctp_auth.c 53
usrsctplib/netinet/sctp_indata.c 34
usrsctplib/user_mbuf.c 33
usrsctplib/netinet/sctp_os_userspace.h 3
usrsctplib/netinet/sctp_timer.c 16
/usr/include/x86_64-linux-gnu/bits/byteswap.h 2
usrsctplib/netinet6/sctp6_usrreq.c 5
usrsctplib/netinet/sctp_sha1.c 4
usrsctplib/netinet/sctp_asconf.c 39
usrsctplib/netinet/sctp_crc32.c 7
usrsctplib/netinet/sctp_input.c 40
usrsctplib/user_recv_thread.c 7

Fuzzer: fuzzer/fuzzer_fragment.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 4369 68.5%
gold [1:9] 184 2.88%
yellow [10:29] 92 1.44%
greenyellow [30:49] 50 0.78%
lawngreen 50+ 1683 26.3%
All colors 6378 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
491 5868 usrsctp_sendv call site: 05868 usrsctp_getassocid
326 4443 sctp_setopt call site: 04443 sctp_do_connect_x
179 5060 sctp_setopt call site: 05060 sctp_timer_start
170 3240 sctp_send_cookie_ack call site: 03240 sctp_process_cookie_existing
159 4797 sctp_aloc_assoc_connected call site: 04797 sctp_do_connect_x
109 5411 soconnect call site: 05411 sctp6_connect
99 2829 sctp_handle_sack call site: 02829 sctp_timer_start
84 3501 sctpconn_attach call site: 03501 sctp_move_pcb_and_assoc
72 4960 sctp_setopt call site: 04960 sctp_dynamic_set_primary
65 5570 sctp_lower_sosend call site: 05570 sctp_sendall
63 1704 sctp_timeout_handler call site: 01704 sctp_handle_addr_wq
57 2762 sctp_express_handle_sack call site: 02762 sctp_handle_sack

Runtime coverage analysis

Covered functions
390
Functions that are reachable but not covered
243
Reachable functions
611
Percentage of reachable functions covered
60.23%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzer/fuzzer_fragment.c 4
usrsctplib/user_socket.c 49
usrsctplib/netinet/sctp_usrreq.c 22
usrsctplib/user_environment.c 2
usrsctplib/netinet/sctp_sysctl.c 1
usrsctplib/netinet/sctp_pcb.c 61
usrsctplib/netinet/sctputil.c 85
usrsctplib/netinet/sctp_callout.c 7
usrsctplib/netinet/sctp_bsd_addr.c 8
usrsctplib/netinet/sctp_userspace.c 4
usrsctplib/user_environment.h 1
usrsctplib/netinet/sctp_output.c 82
usrsctplib/netinet/sctp_auth.c 53
usrsctplib/netinet/sctp_indata.c 34
usrsctplib/user_mbuf.c 33
usrsctplib/netinet/sctp_os_userspace.h 3
usrsctplib/netinet/sctp_timer.c 16
/usr/include/x86_64-linux-gnu/bits/byteswap.h 2
usrsctplib/netinet6/sctp6_usrreq.c 5
usrsctplib/netinet/sctp_sha1.c 4
usrsctplib/netinet/sctp_asconf.c 39
usrsctplib/netinet/sctp_crc32.c 7
usrsctplib/netinet/sctp_input.c 40
usrsctplib/user_recv_thread.c 7

Fuzzer: fuzzer/fuzzer_listen.c

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 3555 65.6%
gold [1:9] 209 3.85%
yellow [10:29] 92 1.69%
greenyellow [30:49] 50 0.92%
lawngreen 50+ 1512 27.9%
All colors 5418 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
327 4476 sctp_setopt call site: 04476 sctp_do_connect_x
179 5084 sctp_setopt call site: 05084 sctp_timer_start
170 3240 sctp_send_cookie_ack call site: 03240 sctp_process_cookie_existing
159 4821 sctp_aloc_assoc_connected call site: 04821 sctp_do_connect_x
99 2829 sctp_handle_sack call site: 02829 sctp_timer_start
84 3501 sctpconn_attach call site: 03501 sctp_move_pcb_and_assoc
72 4984 sctp_setopt call site: 04984 sctp_dynamic_set_primary
70 5322 init_fuzzer call site: 05322 usrsctp_accept
63 1704 sctp_timeout_handler call site: 01704 sctp_handle_addr_wq
57 2762 sctp_express_handle_sack call site: 02762 sctp_handle_sack
54 868 sctp_source_address_selection call site: 00868 sctp_choose_boundall
54 1538 sctp_send_initiate call site: 01538 sctp_send_sack

Runtime coverage analysis

Covered functions
390
Functions that are reachable but not covered
228
Reachable functions
586
Percentage of reachable functions covered
61.09%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzer/fuzzer_listen.c 5
usrsctplib/user_socket.c 45
usrsctplib/netinet/sctp_usrreq.c 15
usrsctplib/user_environment.c 2
usrsctplib/netinet/sctp_sysctl.c 1
usrsctplib/netinet/sctp_pcb.c 61
usrsctplib/netinet/sctputil.c 79
usrsctplib/netinet/sctp_callout.c 7
usrsctplib/netinet/sctp_bsd_addr.c 8
usrsctplib/netinet/sctp_userspace.c 4
usrsctplib/user_environment.h 1
usrsctplib/netinet/sctp_output.c 69
usrsctplib/netinet/sctp_auth.c 53
usrsctplib/netinet/sctp_indata.c 34
usrsctplib/user_mbuf.c 30
usrsctplib/netinet/sctp_os_userspace.h 3
usrsctplib/netinet/sctp_timer.c 16
/usr/include/x86_64-linux-gnu/bits/byteswap.h 2
usrsctplib/netinet6/sctp6_usrreq.c 4
usrsctplib/netinet/sctp_sha1.c 4
usrsctplib/netinet/sctp_asconf.c 39
usrsctplib/netinet/sctp_crc32.c 7
usrsctplib/netinet/sctp_input.c 40
usrsctplib/user_recv_thread.c 7
programs/programs_helper.c 1

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
userspace_shutdown /src/usrsctp/usrsctplib/user_socket.c 2 ['N/A', 'int'] 18 0 12 3 2 256 0 5005 145
sctp_drain_mbufs /src/usrsctp/usrsctplib/netinet/sctp_pcb.c 1 ['N/A'] 22 0 1662 326 112 253 1 4972 112
sctp_cwnd_update_rtcc_after_sack /src/usrsctp/usrsctplib/netinet/sctp_cc_functions.c 5 ['N/A', 'N/A', 'int', 'int', 'int'] 4 0 12 3 2 7 0 109 107
sctp6_in6getaddr /src/usrsctp/usrsctplib/netinet6/sctp6_usrreq.c 2 ['N/A', 'N/A'] 6 0 50 11 5 39 0 433 60
sctp_htcp_cwnd_update_after_sack /src/usrsctp/usrsctplib/netinet/sctp_cc_functions.c 5 ['N/A', 'N/A', 'int', 'int', 'int'] 7 0 127 31 13 14 0 84 58
m_pulldown /src/usrsctp/usrsctplib/user_mbuf.c 4 ['N/A', 'int', 'int', 'N/A'] 8 0 513 108 43 23 0 182 53
usrsctp_peeloff /src/usrsctp/usrsctplib/user_socket.c 2 ['N/A', 'int'] 21 0 287 58 21 291 0 5296 50
sctp6_getpeeraddr /src/usrsctp/usrsctplib/netinet6/sctp6_usrreq.c 2 ['N/A', 'N/A'] 3 0 50 11 5 7 0 57 47
sctp_sendm /src/usrsctp/usrsctplib/netinet/sctp_usrreq.c 6 ['N/A', 'int', 'N/A', 'N/A', 'N/A', 'N/A'] 26 0 125 30 12 317 0 6475 43

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
70.0%
628 / 896
Cyclomatic complexity statically reachable by fuzzers
93.0%
17271 / 18602

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzz engine guidance

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

fuzzer/fuzzer_listen.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['usrsctp_setsockopt', 'sctp_process_control', 'sctp_lowlevel_chunk_output', 'sctp_alloc_chunklist', 'sctp_add_addresses_to_i_ia', 'sctp_inpcb_bind_locked', 'm_copydata', 'sctp_common_input_processing', 'sctp_generate_cause', 'sctp_setopt']

fuzzer/fuzzer_fragment.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['usrsctp_sendv', 'sctp_process_control', 'sctp_setopt', 'sctp_send_initiate', 'sctp_initialize_auth_params', 'sctp_common_input_processing', 'sctp_aloc_assoc_connected', 'sctp_notify_adaptation_layer']

fuzzer/fuzzer_connect.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['usrsctp_sendv', 'sctp_setopt', 'sctp_send_cookie_ack', 'sctp_aloc_assoc_connected', 'soconnect', 'sctp_handle_sack', 'sctpconn_attach', 'sctp_is_vtag_good']

fuzzer/fuzzer_connect.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['usrsctp_sendv', 'sctp_setopt', 'sctp_send_cookie_ack', 'sctp_aloc_assoc_connected', 'soconnect', 'sctp_handle_sack', 'sctpconn_attach', 'sctp_lower_sosend']

fuzzer/fuzzer_listen.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['sctp_setopt', 'sctp_send_cookie_ack', 'sctp_aloc_assoc_connected', 'sctp_handle_sack', 'sctpconn_attach', 'init_fuzzer', 'sctp_timeout_handler', 'sctp_express_handle_sack']

fuzzer/fuzzer_connect.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['usrsctp_sendv', 'sctp_setopt', 'sctp_send_cookie_ack', 'sctp_aloc_assoc_connected', 'soconnect', 'sctp_handle_sack', 'sctpconn_attach', 'usrsctp_recvv']

fuzzer/fuzzer_fragment.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['usrsctp_sendv', 'sctp_setopt', 'sctp_send_cookie_ack', 'sctp_aloc_assoc_connected', 'soconnect', 'sctp_handle_sack', 'sctpconn_attach', 'sctp_lower_sosend']

fuzzer/fuzzer_listen.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['sctp_setopt', 'sctp_send_cookie_ack', 'sctp_aloc_assoc_connected', 'sctp_handle_sack', 'sctpconn_attach', 'init_fuzzer', 'sctp_timeout_handler', 'sctp_express_handle_sack']

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
sctp_insert_sharedkey 34 8 23.52% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_handle_cookie_echo 370 143 38.64% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_add_addresses_to_i_ia 150 25 16.66% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_lowlevel_chunk_output 540 216 40.0% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_send_resp_msg 242 114 47.10% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_add_addr_to_vrf 224 103 45.98% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_findassociation_ep_addr 291 80 27.49% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_pcb_findep 59 31 52.54% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_inpcb_bind_locked 264 87 32.95% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_tcb_special_locate 211 24 11.37% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_endpoint_probe 179 73 40.78% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_findassoc_by_vtag 70 35 50.0% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_setopt 2815 249 8.845% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_listen 153 34 22.22% ['/src/usrsctp/fuzzer/fuzzer_connect.c', '/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c']
sctp_timer_start 296 150 50.67% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
recv_thread_init 204 80 39.21% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
socreate 48 22 45.83% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
usrsctp_setsockopt 71 27 38.02% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_is_there_unsent_data 50 24 48.0% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_chunk_output 169 79 46.74% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_lower_sosend 996 302 30.32% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_move_to_outqueue 354 194 54.80% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_set_prsctp_policy 35 6 17.14% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_findasoc_ep_asocid_locked 31 11 35.48% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_inpcb_free 259 127 49.03% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_does_stcb_own_this_addr 166 51 30.72% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_iterator_inp_being_freed 31 8 25.80% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_aloc_assoc_locked 170 64 37.64% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctpconn_connect 103 53 51.45% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_invoke_recv_callback 88 6 6.818% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_sorecvmsg 734 338 46.04% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sofree 37 18 48.64% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
usrsctp_sendv 102 34 33.33% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
user_connect 48 13 27.08% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_handle_asconf_ack 116 19 16.37% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_asconf_send_nat_state_update 166 46 27.71% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_handle_auth 83 18 21.68% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_express_handle_sack 387 47 12.14% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_handle_sack 591 60 10.15% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_add_chk_to_control 58 28 48.27% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_kick_prsctp_reorder_queue 108 16 14.81% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_handle_shutdown_ack 43 16 37.20% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_handle_stream_reset_response 131 16 12.21% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
process_chunk_drop 189 96 50.79% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
send_forward_tsn 162 78 48.14% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_send_packet_dropped 118 17 14.40% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_is_ifa_addr_preferred 53 5 9.433% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_is_ifa_addr_acceptable 39 7 17.94% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_choose_boundspecific_stcb 120 61 50.83% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_remove_net 51 28 54.90% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_find_alternate_net 175 62 35.42% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']
sctp_timeout_handler 329 98 29.78% ['/src/usrsctp/fuzzer/fuzzer_fragment.c', 'fuzzer_fragment', 'fuzzer_listen', '/src/usrsctp/fuzzer/fuzzer_listen.c', '/src/usrsctp/fuzzer/fuzzer_connect.c', 'fuzzer_connect']

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
/src/usrsctp/usrsctplib/netinet/sctp_sha1.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/netinet/sctp_pcb.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/netinet/sctp_cc_functions.c [] []
/src/usrsctp/usrsctplib/netinet/sctp_timer.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/netinet/sctp_os_userspace.h ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/netinet/sctp_peeloff.c [] []
/src/usrsctp/programs/programs_helper.c ['fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c'] []
/src/usrsctp/usrsctplib/netinet/sctp_bsd_addr.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/netinet/sctp_output.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/user_environment.h ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] []
/src/usrsctp/fuzzer/fuzzer_fragment.c ['fuzzer_fragment', 'fuzzer/fuzzer_fragment.c'] ['fuzzer_fragment', 'fuzzer/fuzzer_fragment.c']
/src/usrsctp/usrsctplib/user_environment.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/usr/include/x86_64-linux-gnu/bits/byteswap.h ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] []
/src/usrsctp/fuzzer/fuzzer_listen.c ['fuzzer_listen', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_listen', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/netinet/sctp_input.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/fuzzer/fuzzer_connect.c ['fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_connect.c'] ['fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_connect.c']
/src/usrsctp/usrsctplib/user_socket.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/user_mbuf.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/netinet/sctp_sysctl.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/netinet/sctp_asconf.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/netinet/sctp_auth.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/netinet/sctputil.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/netinet/sctp_userspace.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/netinet/sctp_indata.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/netinet6/sctp6_usrreq.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] []
/src/usrsctp/usrsctplib/netinet/sctp_callout.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/netinet/sctp_crc32.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] []
/src/usrsctp/usrsctplib/netinet/sctp_usrreq.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/user_recv_thread.c ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c'] ['fuzzer_listen', 'fuzzer_fragment', 'fuzzer_connect', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_listen.c', 'fuzzer/fuzzer_connect.c', 'fuzzer/fuzzer_fragment.c', 'fuzzer/fuzzer_listen.c']
/src/usrsctp/usrsctplib/netinet/sctp_ss_functions.c [] []

Directories in report

Directory
/src/usrsctp/usrsctplib/netinet/
/src/usrsctp/fuzzer/
/src/usrsctp/programs/
/src/usrsctp/usrsctplib/netinet6/
/src/usrsctp/usrsctplib/
/usr/include/x86_64-linux-gnu/bits/

Metadata section

This sections shows the raw data that is used to produce this report. This is mainly used for further processing and developer debugging.

Fuzzer Calltree file Program data file Coverage file
fuzzer_listen fuzzerLogFile-0-bRRycl2zeT.data fuzzerLogFile-0-bRRycl2zeT.data.yaml fuzzer_listen.covreport
fuzzer_fragment fuzzerLogFile-0-mBtER3L7I7.data fuzzerLogFile-0-mBtER3L7I7.data.yaml fuzzer_fragment.covreport
fuzzer_connect fuzzerLogFile-0-VaJKN846k8.data fuzzerLogFile-0-VaJKN846k8.data.yaml fuzzer_connect.covreport
fuzzer/fuzzer_connect.c fuzzerLogFile-0-xe0UeLfBtw.data fuzzerLogFile-0-xe0UeLfBtw.data.yaml fuzzer_listen.covreport , fuzzer_connect.covreport , fuzzer_fragment.covreport
fuzzer/fuzzer_listen.c fuzzerLogFile-0-cwdsmboWiA.data fuzzerLogFile-0-cwdsmboWiA.data.yaml fuzzer_listen.covreport , fuzzer_connect.covreport , fuzzer_fragment.covreport
fuzzer/fuzzer_connect.c fuzzerLogFile-0-r8Zrxu0txt.data fuzzerLogFile-0-r8Zrxu0txt.data.yaml fuzzer_listen.covreport , fuzzer_connect.covreport , fuzzer_fragment.covreport
fuzzer/fuzzer_fragment.c fuzzerLogFile-0-bNxYvBsVbv.data fuzzerLogFile-0-bNxYvBsVbv.data.yaml fuzzer_listen.covreport , fuzzer_connect.covreport , fuzzer_fragment.covreport
fuzzer/fuzzer_listen.c fuzzerLogFile-0-ZnA0ThYIEC.data fuzzerLogFile-0-ZnA0ThYIEC.data.yaml fuzzer_listen.covreport , fuzzer_connect.covreport , fuzzer_fragment.covreport