Linux stable kernel maintainer Greg Kroah-Hartman has started using an AI-assisted fuzzing tool in a branch named 'clanker' to test the kernel codebase. The tool has already prompted fixes for vulnerabilities in subsystems like ksmbd and SMB. Patches from this effort now cover areas including USB, HID, WiFi, and networking.
Greg Kroah-Hartman, a key figure in Linux kernel maintenance, began testing with the 'clanker' branch by targeting the ksmbd and SMB code. Fuzzing feeds malformed inputs to software to uncover bugs, and here it revealed three issues: an EaNameLength validation gap in smb2_get_ea(), a missing bounds check that should require three sub-authorities before sub_auth[2] is accessed, and a mechToken memory leak during SPNEGO decode failures. Kroah-Hartman submitted a three-patch series and cautioned reviewers: 'please don't trust them at all and verify that I'm not just making this all up before accepting them.' He chose this code for its ease of local testing with virtual machines, focusing on untrusted client scenarios.

The 'clanker' branch has since expanded, accumulating fixes across subsystems like USB, HID, WiFi, LoongArch, and networking. Kroah-Hartman maintains the stable kernel branches used in servers, smartphones, and embedded devices worldwide.

Linus Torvalds, Linux creator, has expressed interest in AI for kernel maintenance. At last year's Open Source Summit Japan, he noted an upcoming Maintainer Summit to discuss AI tooling policies. Torvalds shared an experiment where an AI tool supported his objections to a merge and identified extra issues, though he emphasized AI's role in review over code writing. This approach keeps humans in control: the AI fuzzer flags bugs, but experienced developers like Kroah-Hartman review and author the patches.
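
The sub_auth[2] issue mentioned above is an instance of a general rule for parsing client-supplied structures: check the declared element count against both the format limit and the bytes actually received before indexing. The C sketch below is an added illustration, not code from the kernel or from Kroah-Hartman's patches; the simplified SID layout, the constants, the sample buffers and the function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified wire layout of a SID; sizes and names here are assumptions. */
#define SID_HDR_LEN  8   /* revision (1) + num_subauth (1) + authority (6) */
#define SID_MAX_SUBS 15  /* upper bound on sub-authorities */

/* Constructed sample: a SID that declares only two sub-authorities. */
static const uint8_t sid_two_subs[] = {
    1, 2, 0, 0, 0, 0, 0, 5,
    21, 0, 0, 0,  0xe8, 0x03, 0, 0,
};
/* Constructed sample: three sub-authorities, the third is 513 (0x201). */
static const uint8_t sid_three_subs[] = {
    1, 3, 0, 0, 0, 0, 0, 5,
    21, 0, 0, 0,  0xe8, 0x03, 0, 0,  0x01, 0x02, 0, 0,
};

/* Read a little-endian 32-bit value with no alignment assumptions. */
static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Copy sub_auth[idx] out of an untrusted buffer.
 * Returns 0 on success, -1 if the SID is truncated, oversized, or
 * declares too few sub-authorities for the requested index.
 */
int sid_get_sub_auth(const uint8_t *buf, size_t len, unsigned int idx,
                     uint32_t *out)
{
    uint8_t num_subauth;

    if (len < SID_HDR_LEN)
        return -1;                        /* header itself is truncated */
    num_subauth = buf[1];
    if (num_subauth > SID_MAX_SUBS)
        return -1;                        /* count exceeds the format limit */
    if (len - SID_HDR_LEN < (size_t)num_subauth * 4)
        return -1;                        /* count claims more than was sent */
    if (idx >= num_subauth)
        return -1;                        /* e.g. idx 2 needs three entries */
    *out = get_le32(buf + SID_HDR_LEN + (size_t)idx * 4);
    return 0;
}
```
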