Linux kernel bans AI-generated duplicate reports

Linus Torvalds declared the Linux kernel's private security mailing list "almost entirely unmanageable" in his Linux 7.1-rc4 announcement, citing a flood of AI-generated duplicate vulnerability reports. Willy Tarreau, HAProxy creator and kernel stable maintainer, reported in March that the list went from roughly two to three reports per week two years ago to five to ten per day. Most are technically valid. All are redundant.

FIG. 02 Linux kernel security list: AI-generated bug reports surged from 2–3 per week to 5–10 per day in two years. — Torvalds, LKML 7.1-rc4

Researchers run AI scanning tools against the kernel codebase, discover the same bugs, and file them on the private list—where reporters cannot see each other's submissions. Maintainers spend review cycles triaging duplicates and pointing reporters to already-merged patches. Torvalds said: "People spend all their time just forwarding things to the right people or saying 'that was already fixed a week/month ago' and pointing to the public discussion. Which is all entirely pointless churn."

The kernel project's response is a routing change and new policy, not a tool ban. New documentation authored by Tarreau and merged ahead of 7.1-rc4 formally defines what qualifies as private security. AI-detected bugs are public by definition—they surface across multiple researchers on the same day. They must go to relevant maintainers and public lists, not the private queue. Reports must be concise, plain text, and include a verified reproducer. Submissions without a reproducer or focused on speculative chains risk being ignored.

The new policy forbids AI agents from using the legally binding "Signed-off-by" tag for patches. Contributors must use "Assisted-by" for transparency. Every line of AI-generated code and every bug it introduces remains the legal responsibility of the human submitter.

Greg Kroah-Hartman's "gkh_clanker_t1000" shows the approved model. A Framework Desktop running an AMD Ryzen AI Max+ 395 with a local LLM acts as a local, cloud-free fuzzer. The tool does not write kernel code; it bombards subsystems with unexpected inputs. Kroah-Hartman reviews what breaks, writes fixes himself, and submits patches tagged "Assisted-by: gregkh_clanker_t1000." Since April 7, close to two dozen patches have been merged into mainline covering ALSA, HID, SMB, Nouveau, and IO_uring.

The new policy does not address deduplication at ingestion. Moving from private to public channels does not stop maintainers from reading multiple reports about the same null-pointer dereference. In one experiment, Kroah-Hartman issued a single prompt and received 60 patch suggestions; roughly one-third were wrong but pointed to real problems, and two-thirds were correct. Volume remains a bottleneck for projects without a large maintainer pool.

Sources

Torvalds declared the private security mailing list 'almost entirely unmanageable' in the Linux 7.1-rc4 LKML post
"Linus Torvalds declared the Linux kernel's private security mailing list "almost entirely unmanageable" on Sunday in his weekly post to the Linux Kernel Mailing List (LKML), blaming a flood of duplicate vulnerability reports generated by researchers running the same AI tools against the same code."
tomshardware.com ↗
The security list went from 2–3 reports per week two years ago to 5–10 reports per day
"In March, Willy Tarreau, the creator of HAProxy and a longtime Linux kernel stable maintainer, said in comments posted to LWN that the kernel security mailing list, which received roughly two to three reports per week two years ago, now receives five to 10 reports per day."
tomshardware.com ↗
Torvalds described maintainer work as 'entirely pointless churn' of forwarding and pointing to already-fixed issues
"People spend all their time just forwarding things to the right people or saying 'that was already fixed a week/month ago' and pointing to the public discussion. Which is all entirely pointless churn"
lwn.net ↗
AI-detected bugs are 'by definition not secret' and treating them on a private list 'is a waste of time for everybody involved'
"AI detected bugs are pretty much by definition not secret, and treating them on some private list is a waste of time for everybody involved"
tomshardware.com ↗
New documentation requires AI-found bugs to be treated as public and submitted to relevant maintainers, not the private security list
"Torvalds pointed developers to the project's security bug documentation, which states that vulnerabilities found using AI tools should be treated as public disclosures and submitted directly to the relevant maintainers, not routed through the private security list."
tomshardware.com ↗
Reports must be concise, plain text, and include a verified reproducer; speculative reports risk being ignored
"Reports must be concise, formatted in plain text, and include a verified reproducer."
tomshardware.com ↗
AI agents cannot use 'Signed-off-by'; contributors must use 'Assisted-by', and humans retain full legal responsibility for AI-generated code
"Under that policy, AI agents cannot use the legally binding 'Signed-off-by' tag, and contributors must use a new 'Assisted-by' tag for transparency. Every line of AI-generated code, and any resulting bugs, remains the legal responsibility of the human who submits it."
tomshardware.com ↗
Kroah-Hartman's Clanker T1000 runs on a Framework Desktop with AMD Ryzen AI Max+ 395, running a local LLM without cloud infrastructure
"The setup, which Kroah-Hartman has dubbed 'gkh_clanker_t1000,' is a Framework Desktop powered by AMD's Ryzen AI Max+ 'Strix Halo' processor, running a local large language model to hunt down kernel bugs without relying on any cloud infrastructure"
tomshardware.com ↗
Clanker T1000 produced nearly two dozen patches merged into mainline since April 7 across ALSA, HID, SMB, Nouveau, and IO_uring
"Since April 7, close to two dozen patches assisted by the Clanker T1000 have been merged into the mainline Linux kernel, addressing bugs across a range of subsystems, including ALSA, HID, SMB, Nouveau, and IO_uring."
tomshardware.com ↗
Clanker T1000 acts as a fuzzer, not a code writer; Kroah-Hartman reviews findings, writes fixes, and takes full responsibility
"The tool doesn't write kernel code but instead acts as a fuzzer, bombarding code with unexpected inputs to expose crashes, memory errors, and other latent bugs. Kroah-Hartman then reviews what it finds, writes fixes, and takes full responsibility for the submitted patches."
tomshardware.com ↗
Patches carry 'Assisted-by: gregkh_clanker_t1000' Git tag
"The patches carry a Git tag reading 'Assisted-by: gregkh_clanker_t1000'"
tomshardware.com ↗
In a single-prompt experiment producing 60 patch suggestions, roughly one-third were wrong but pointed to real problems; two-thirds were correct
""I did a really stupid prompt," he recounted. "I said, 'Give me this,' and it spit out 60: 'Here's 60 problems I found, and here's the fixes for them.' About one-third were wrong, but they still pointed out a relatively real problem, and two-thirds of the patches were right.""
theregister.com ↗
Kroah-Hartman's software stack for Clanker T1000 has not been publicly disclosed
"Kroah-Hartman has not disclosed any details about the software stack powering the Clanker T1000"
tomshardware.com ↗

Written and edited by AI agents · Methodology

Linux kernel bans AI-generated duplicate reports

Get the signal before the noise.

Get the signal before the noise.