Breakpoint 1 at 0x1391533: file ../util/qemu-timer.c, line 593.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x772c5d92a6c0 (LWP 48879)]
[New Thread 0x772c5cf656c0 (LWP 48880)]
[New Thread 0x772c47dff6c0 (LWP 48881)]
INFO: libFuzzer ignores flags that start with '--'
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 571063218
INFO: Loaded 1 modules (229555 inline 8-bit counters): 229555 [0x63516dcd6498, 0x63516dd0e54b),
INFO: Loaded 1 PC tables (229555 PCs): 229555 [0x63516dd0e550,0x63516e08f080),
[New Thread 0x772c458bd6c0 (LWP 48882)]
INFO: 0 files found in /tmp/edu-esc-corpus
edu_dma_fuzz: bar0=0xe0000000 dst_gpa=0x100000 src_gpa=0x110000
EDU_ESCAPE: config reach=1MiB verbose=0 writetest=0 exploit=0 deref=1
===== edu_dma_timer cb(opaque) CALL-SITE (the pivot target) =====
rdi(opaque=EduState)=0x635177d99ff0 r13(cb=edu_dma_timer)=0x63516c2b8be0
rsi=0x0 rdx=0x2000000000 rcx=0x63516e08f600 rax=0xff0
r8=0x0 r9=0x0 r10=0x772c5e9cdfc0 r11=0x772c5e9ce8c0 r12=0x63516cb95679
rsp=0x7ffdbb4119b0 rbp=0x7ffdbb4119f0 rip=0x63516ca1d533
PIE base = rip - 0x1391533 = 0x63516b68c000
[rdi+0xcb8] = dma_buf[0] (host 0x635177d9aca8):
0x635177d9aca8: 0x0000000000000000
stack [rsp..rsp+0x80]:
0x7ffdbb4119b0: 0x00006351773097d8 0x0000635177d99ff0
0x7ffdbb4119c0: 0x0000635177309830 0x0000000004e92486
0x7ffdbb4119d0: 0x000063516cb95679 0x0000000005f5e100
0x7ffdbb4119e0: 0x00006351773097d8 0x00000000010cbc7a
0x7ffdbb4119f0: 0x00007ffdbb411a40 0x000063516ca1e4c5
0x7ffdbb411a00: 0x0000635177309a00 0x0000000004e92486
0x7ffdbb411a10: 0x000000000bebc200 0x000000000bebc200
0x7ffdbb411a20: 0x000063517705cbf0 0x0000635177f3fb40
===== END =====