Outline:
1. Intro
2. Translation Lookaside Buffer (TLB)
3. mremap() moving a memory mapping
4. fallocate() (de)allocate space for a file
5. Exploit plan: Basics
6. Buddy allocator
7. Preemption
8. Scheduler control
9. Android kernel exploit (app - zygote)
10. userfaultfd and FUSE
11. komp() for reliable UAF
12. FUSE for exploiting struct file refcount
13. int getpidcon(pid_t pid, char **context)
14. Bug 3: race condition in hwservicemanager
15. _mutex on kernel 4.4
16. Priority Inversion
17. Major faults
18. Repeated file mapping faults
Description:
Explore how to exploit race conditions using the scheduler in this 34-minute conference talk by Jann Horn from Google. Delve into two specific bugs with narrow race windows in the Linux kernel and Android userspace code, and learn how they can be exploited on a Google Pixel 2 phone running Linux 4.4. Discover techniques involving unprivileged sched_*() syscalls, Translation Lookaside Buffer (TLB), mremap() for moving memory mappings, and fallocate() for file space allocation. Examine the exploit plan, including the buddy allocator, preemption, and scheduler control. Investigate the Android kernel exploit involving app-zygote interaction, userfaultfd, FUSE, and komp() for reliable UAF. Analyze priority inversion, major faults, and repeated file mapping faults. Gain insights into exploiting struct file refcount and race conditions in hwservicemanager_mutex on kernel 4.4.

Exploiting Race Conditions Using the Scheduler

Linux Foundation