Session

The networking subsystem has been on the receiving end of a lot of bugs discovered via AI and often patches generated by AI. In this BoF we will explore experiences and tools of trade in the security aspect of generating the bugs and fixes, effect of AI generated fixes, doing code reviews, and generating kernel patches.

Tentative agenda below. If you wish to discuss your experiences or tricks of trade, ping me.

1) Shardul Bankar

Protocol-flow fuzzing for MPTCP

In-kernel transport protocols increasingly embed cryptography in the data path: MPTCP’s MP_JOIN HMAC, QUIC’s mandatory TLS 1.3. The crypto gates that protect the protocol also reject stateless fuzzers: random bytes fail the kernel’s token-lookup-then-HMAC chain at multiple gates. Reaching the interesting code requires an executor that constructs protocol state before the fuzzer mutates it.

We extended Hung & Amiri Sani’s BRF (arXiv:2305.08782, UC Irvine; a Syzkaller fork) for kernel transport-security protocol flows, MPTCP-first. The talk presents a prescriptive five-step guide that carries a fuzzer past a transport-security protocol’s crypto gates: BRF’s state-carrier pseudo-syscall pattern, AI-drafted syzlang and executor C under a strict VM-verification step, audit-driven coverage-gap closure, kcov on the gated softirq paths, and continuous instrumentation of whichever quality metric the generator can silently degrade. For our BPF struct_ops MPTCP scheduler generator that metric is verifier-accept rate, ~60% over 32,822 loads recorded per-load, with the rejection-reason breakdown still being categorized.

The guide is validated by two upstream-mergeable bugs on two distinct surfaces of net/mptcp/: a userspace-PM alloc-during-teardown race (https://lore.kernel.org/all/20260523212930.2957096-1-shardul. b@mpiricsoftware.com/, v2 in upstream review), and a kernel-PM-reachable close-path divide-by-zero in tcp_tso_segs (https://lore.kernel.org/all/20260525194828.1137119-1-shardul.b@mpiricsoftware.com/, v3 in review with Paolo Abeni), a partial-fix re-emergence of a 2021 bug class. We close on honest limits (N=2, no controlled Syzkaller baseline yet), ongoing MPTCP harness work (kernel-PM mode, wire-level option mutation, MP_JOIN syncookie path, HMAC reset surface); substrate extensions to QUIC and tlshd are hypothesis, not yet built.

2) Rajat Gupta

Tooling for bug hunting

3) Andrea Mayer and Stefano Salsano

The Cost Asymmetry of AI-Generated Code: a Case Study in the SRv6 Subsystem

In this talk we will discuss our adventure on analysis of an AI-generated patchset submitted to the Linux kernel SRv6 subsystem: what went wrong, why, and lessons learned for using AI in kernel development.

4) Greg KH Let’s commiserate about the LLM spam flood and how to use them to our advantage

5) Roman Gushchin

Sashiko - AI code review system for the Linux kernel

Sashiko was introduced mid-March 2026 and by now was adopted by most major subsystems. I plan to share some stories behind the initial development approach and architecture choices, as well as speculate on what can be ahead. I want to leave a lot of time for AMA and free-form discussions on how to properly incorporate the AI code review into the linux kernel development process and what features/qualities of Sashiko are currently limiting this process.

5) Open Session