Open
Description
When the out-of-memory (OOM) killer kills a process that holds large spans of mlocked memory, the kernel can hit a bad memory access or a NULL pointer dereference, because the OOM reaper kernel thread unmaps the victim's memory concurrently with the kill.

The reproducer is as simple as:

#include <sys/mman.h>

#define MEM_LENGTH (1UL << 30)  /* 1 GiB of anonymous memory */

int main(void)
{
    /* Reserve a large private anonymous mapping. */
    void *ptr = mmap(0, MEM_LENGTH, PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, 0, 0);
    if (ptr == MAP_FAILED)
        return -1;
    /* mlock populates and pins the whole range, so the process
     * now owns a large mlocked span and is a likely OOM victim. */
    return mlock(ptr, MEM_LENGTH);
}
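A triage helper added here (not part of the bug report) that lists processes holding large locked spans, read from the VmLck field of /proc/<pid>/status, so an operator can see which processes this bug would put at risk if the OOM killer selected them. The 64 MiB threshold and the constructed /proc-style fixture are assumptions.

```shell
# Report processes whose locked memory (VmLck) meets a threshold.
# Usage: locked_mem_report [threshold_kb] [proc_root]
# proc_root defaults to /proc; any directory with <pid>/status files works.
locked_mem_report() {
    threshold_kb="${1:-65536}"
    proc_root="${2:-/proc}"
    for status in "$proc_root"/[0-9]*/status; do
        [ -r "$status" ] || continue
        pid="${status%/status}"
        pid="${pid##*/}"
        # The field looks like: "VmLck:     1048576 kB"
        lck_kb=$(awk '/^VmLck:/ {print $2}' "$status")
        [ -n "$lck_kb" ] || continue
        if [ "$lck_kb" -ge "$threshold_kb" ]; then
            name=$(awk '/^Name:/ {print $2}' "$status")
            printf '%s\t%s\t%s kB locked\n' "$pid" "$name" "$lck_kb"
        fi
    done
}

# Constructed fixture (assumption): two fake status files mimicking /proc,
# one process locking 1 GiB and one locking nothing. Prints the directory.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/100" "$dir/200"
    printf 'Name:\tbig_locker\nVmLck:\t 1048576 kB\n' > "$dir/100/status"
    printf 'Name:\tidle\nVmLck:\t       0 kB\n' > "$dir/200/status"
    printf '%s\n' "$dir"
}

# Demonstration on the fixture; on a live host call locked_mem_report with no
# second argument to scan the real /proc.
fixture=$(make_fixture)
locked_mem_report 65536 "$fixture"
rm -rf "$fixture"
```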