Defects in deep learning frameworks pose severe security risks in safety-critical domains; however, existing fuzzing techniques underutilize multi-source feedback and suffer from coarse granularity and low automation. This paper proposes FUEL—the first feedback-driven fuzzing framework leveraging dual large language model (LLM) agents: an *analysis LLM* performs fine-grained interpretation of coverage, crashes, and anomalies, while a *generation LLM* evolves high-diversity test cases based on this feedback, enabling closed-loop, synergistic feedback utilization. FUEL overcomes the static and unidirectional nature of conventional fuzzing feedback mechanisms. Evaluated on PyTorch and TensorFlow, FUEL identified 104 vulnerabilities, including 93 previously unknown ones; 47 have been patched, and 5 have received CVE identifiers.

Artificial Intelligence (AI) Infrastructures, represented by Deep Learning (DL) frameworks, have served as fundamental DL systems over the last decade. However, the bugs in DL frameworks could lead to catastrophic consequences in some critical scenarios (e.g., healthcare and autonomous driving). A simple yet effective way to find bugs in DL frameworks is fuzz testing (Fuzzing). Unfortunately, existing fuzzing techniques have not comprehensively considered multiple types of feedback. Additionally, they analyze feedback in a coarse-grained manner, such as mutating the test cases only according to whether the coverage increases. Recently, researchers introduced Large Language Models (LLMs) into fuzzing. However, current LLM-based fuzzing techniques only focus on using LLMs to generate test cases while overlooking their potential to analyze feedback information, failing to create more valid and diverse test cases. To fill this gap, we propose FUEL to break the seal of Feedback-driven fuzzing for DL frameworks. The backbone of FUEL comprises two LLM-based agents, namely analysis LLM and generation LLM. Analysis LLM agent infers analysis summaries from feedback information, while the generation LLM agent creates tests guided by these analysis summaries. So far, FUEL has detected 104 bugs for PyTorch and TensorFlow, with 93 confirmed as new bugs, 47 already fixed, and 5 assigned with CVE IDs. Our work indicates that considering multiple types of feedback is beneficial to fuzzing performance, and leveraging LLMs to analyze feedback information is a promising direction. Our artifact is available at https://github.com/NJU-iSE/FUEL