by londons_explore 1484 days ago
Don't forget that the use-after-free used was also artificial - i.e. OP didn't discover one, he added a UAF bug to go exploit.

The fact he got KASAN working and talks about fuzzing suggests he looked for one, but couldn't find one, which is a good sign.

1 comments

From the article, it looks like the syzkaller fuzzer integration was stale and not working, so there might still be some juice to squeeze if someone can get that running again : )