Unique non-covered Complexity	Unique Reachable Complexities	Unique Reachable Functions	All non-covered Complexity	All Reachable Complexity	Function Name	Function Callsite	Blocked Branch
492	849	9 : View List ['wpa_hexdump', 'eap_aka_prime_derive_keys_reauth', 'eap_aka_response_reauth', 'eap_sim_derive_keys_reauth', 'eap_aka_clear_identities', 'eap_sim_parse_encr', 'free', 'eap_aka_state', 'eap_aka_learn_ids']	492	1242	eap_aka_process_reauthentication	call site: 00000	/src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:1366
203	271	4 : View List ['eap_sim_msg_add_encr_start', 'eap_sim_msg_add_encr_end', 'eap_sim_msg_add', 'eap_sim_msg_free']	203	412	eap_aka_response_notification	call site: 00000	/src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:867
109	109	2 : View List ['eap_aka_ext_sim_result', 'eap_aka_ext_sim_req']	109	109	eap_aka_umts_auth	call site: 00000	/src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:292
103	103	1 : View List ['eap_aka_process_notification_reauth']	103	103	eap_aka_process_notification_auth	call site: 00000	/src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:1282
18	18	2 : View List ['wpa_debug_print_timestamp', '__ctype_b_loc']	18	18	_wpa_hexdump_ascii	call site: 00000	/src/hostap/src/utils/wpa_debug.c:423
14	14	1 : View List ['wpa_debug_print_timestamp']	14	14	_wpa_hexdump	call site: 00035	/src/hostap/src/utils/wpa_debug.c:281
2	2	1 : View List ['eap_aka_prime_derive_keys']	2	574	eap_aka_process_challenge	call site: 00000	/src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:1179
2	2	1 : View List ['eap_sm_request_identity']	2	2	eap_aka_process	call site: 00000	/src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:1477
2	2	1 : View List ['eap_sim_verify_mac_sha256']	2	2	eap_aka_verify_mac	call site: 00000	/src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:951
2	2	1 : View List ['atoi']	2	2	wpa_fuzzer_set_debug_level	call site: 00002	/src/hostap/tests/fuzzing/sae/../fuzzer-common.c:23
0	135	2 : View List ['wpabuf_free', 'eap_aka_client_error']	0	135	eap_aka_process_identity	call site: 00000	/src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:932
0	75	1 : View List ['eap_sim_msg_add_mac']	0	141	eap_aka_response_notification	call site: 00000	/src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:883

1


           wpa_fuzzer_set_debug_level

[function] [call site] 00001

2


             getenv

[call site] 00002

2


             atoi

[call site] 00003

1


           eap_peer_aka_register

[function] [call site] 00004

2


             eap_peer_method_alloc

[function] [call site] 00005

3


               os_zalloc

[function] [call site] 00006

4


                 calloc

[call site] 00007

2


             eap_peer_method_register

[function] [call site] 00008

1


           os_zalloc

[function] [call site] 00009

1


           WPA_GET_BE16

[function] [call site] 00010

1


           wpabuf_alloc_copy

[function] [call site] 00011

2


             wpabuf_alloc

[function] [call site] 00012

3


               os_zalloc

[function] [call site] 00013

2


             wpabuf_put_data

[function] [call site] 00014

3


               wpabuf_put

[function] [call site] 00015

4


                 wpabuf_mhead_u8

[function] [call site] 00016

5


                   wpabuf_mhead

[function] [call site] 00017

4


                 wpabuf_len

[function] [call site] 00018

4


                 wpabuf_overflow

[function] [call site] 00019

5


                   wpa_printf

[function] [call site] 00020

6


                     wpa_debug_print_timestamp

[function] [call site] 00021

7


                       os_get_time

[function] [call site] 00022

8


                         gettimeofday

[call site] 00023

7


                       fprintf

[call site] 00024

7


                       printf

[call site] 00025

6


                     vfprintf

[call site] 00026

6


                     fprintf

[call site] 00027

6


                     vprintf

[call site] 00028

6


                     printf

[call site] 00029

5


                   abort

[call site] 00030

1


           wpa_hexdump_buf

[function] [call site] 00031

2


             wpabuf_head

[function] [call site] 00032

2


             wpabuf_len

[function] [call site] 00033

2


             wpa_hexdump

[function] [call site] 00034

3


               _wpa_hexdump

[function] [call site] 00035

4


                 wpa_debug_print_timestamp

[function] [call site] 00036

4


                 fprintf

[call site] 00037

4


                 fprintf

[call site] 00038

4


                 fprintf

[call site] 00039

4


                 fprintf

[call site] 00040

4


                 fprintf

[call site] 00041

4


                 printf

[call site] 00042

4


                 printf

[call site] 00043

4


                 printf

[call site] 00044

4


                 printf

[call site] 00045

4


                 printf

[call site] 00046

1


           wpa_hexdump_buf

[function] [call site] 00047

1


           wpabuf_free

[function] [call site] 00048

1


           wpabuf_free

[function] [call site] 00049

Fuzz blockers

Fuzzer calltree