CODEX MYTHOS REPORT on the linux kernel

Investigation performed and report fully written by GPT-5.5/Codex

Four Nicholas Carlini Linux Kernel Patches: Mythos-Related Candidate Report

Generated: 2026-05-01

Scope

This report covers the four recent Linux kernel commits in the local clone that are authored by Nicholas Carlini and plausibly belong in the same investigation bucket as the publicly discussed Mythos/Claude Code kernel findings.

Important caveat: these commits do not contain Assisted-by: trailers and do not explicitly mention "Mythos" in the commit metadata. The useful signal is instead a combination of:

  • recent commit dates, from 2026-02-22 through 2026-04-02
  • author identity: Nicholas Carlini <nicholas@carlini.com>
  • overlap with the Red Hat Mythos/Claude Code discussion topics
  • downstream stable/CVE handling for some commits
  • security-flavored patch subjects and commit messages

Red Hat's public discussion of the Mythos/Claude Code kernel findings is here: https://www.redhat.com/en/blog/navigating-mythos-haunted-world-platform-security

Summary Table

| Commit | Date | Subsystem | Subject | File touched | Explicit AI trailer? | Confidence |
|---|---|---|---|---|---|---|
| 6b4f875aac344cdd52a1f34cc70ed2f874a65757 | 2026-02-22 | ksmbd / SMB Direct | ksmbd: fix signededness bug in smb_direct_prepare_negotiation() | fs/smb/server/transport_rdma.c | No | High |
| 5258572aa5fd5a7ed01b123b28241e0281b6fb9b | 2026-03-17 | ksmbd | ksmbd: fix share_conf UAF in tree_conn disconnect | fs/smb/server/mgmt/tree_connect.c | No | High |
| 5170efd9c344c68a8075dcb8ed38d3f8a60e7ed4 | 2026-03-26 | io_uring | io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check | io_uring/fdinfo.c | No | High |
| 07712db80857d5d09ae08f3df85a708ecfc3b61f | 2026-04-02 | eventpoll | eventpoll: defer struct eventpoll free to RCU grace period | fs/eventpoll.c | No | Medium |

1. ksmbd SMB Direct Signedness Bug

Commit: 6b4f875aac344cdd52a1f34cc70ed2f874a65757

Subject: ksmbd: fix signededness bug in smb_direct_prepare_negotiation()

Local metadata:

Date: 2026-02-22
Author: Nicholas Carlini <nicholas@carlini.com>
Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers")
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Acked-by: Stefan Metzmacher <metze@samba.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

Patch mechanics:

The bug was in SMB Direct negotiation. The code used min_t(int, ...) while comparing unsigned __u32 negotiation sizes. A client-controlled value such as 0x80000000 becomes negative when treated as signed, so the min_t(int, ...) comparison could choose an attacker-provided oversized value. The patch changes both comparisons to min_t(u32, ...).
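The comparison described above can be reproduced in user space. The following is an added example, not code from the kernel or from the commit: the `min_t` macro is a simplified stand-in, and the function names, the 8192 limit and the peer values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for the kernel's min_t(): cast both sides, then compare. */
#define min_t(type, a, b) ((type)(a) < (type)(b) ? (type)(a) : (type)(b))

/* Before the fix: the comparison is done as int, so a peer value with the
 * top bit set turns negative and is selected as the "minimum". */
static uint32_t negotiate_before(uint32_t local_max, uint32_t peer_value)
{
    return (uint32_t)min_t(int, local_max, peer_value);
}

/* After the fix: both operands stay unsigned 32-bit. */
static uint32_t negotiate_after(uint32_t local_max, uint32_t peer_value)
{
    return min_t(uint32_t, local_max, peer_value);
}

/* Count peer values for which the negotiated size exceeds the local limit. */
static unsigned count_over_limit(uint32_t (*negotiate)(uint32_t, uint32_t),
                                 uint32_t local_max, const uint32_t *peer, size_t n)
{
    unsigned bad = 0;
    for (size_t i = 0; i < n; i++)
        if (negotiate(local_max, peer[i]) > local_max)
            bad++;
    return bad;
}

/* Constructed boundary values; 8192 below is an arbitrary local limit. */
static const uint32_t PEER_VALUES[] = {
    0u, 4096u, 8192u, 8193u, 0x7fffffffu, 0x80000000u, 0xffffffffu
};
#define N_PEER (sizeof(PEER_VALUES) / sizeof(PEER_VALUES[0]))

int main(void)
{
    printf("min_t(int): %u over limit, min_t(u32): %u over limit\n",
           count_over_limit(negotiate_before, 8192u, PEER_VALUES, N_PEER),
           count_over_limit(negotiate_after, 8192u, PEER_VALUES, N_PEER));
    printf("peer 0x80000000 -> before 0x%08x, after %u\n",
           (unsigned)negotiate_before(8192u, 0x80000000u),
           (unsigned)negotiate_after(8192u, 0x80000000u));
    return 0;
}
```

The invariant worth testing in any size negotiation is that the result never exceeds the local limit; only the unsigned comparison holds it for every input.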

Diff shape:

fs/smb/server/transport_rdma.c | 4 ++--

Why it is a useful Mythos signal:

Red Hat's Mythos blog explicitly discusses KSMBD Signedness bug in smb_direct_prepare_negotiation. The commit is authored by Carlini, recent, and matches that description closely. There is no Reported-by: Anthropic or Assisted-by: trailer.

2. ksmbd share_conf UAF in Tree Connection Disconnect

Commit: 5258572aa5fd5a7ed01b123b28241e0281b6fb9b

Subject: ksmbd: fix share_conf UAF in tree_conn disconnect

Local metadata:

Date: 2026-03-17
Author: Nicholas Carlini <nicholas@carlini.com>
Fixes: b39a1833cc4a ("ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency")
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

Patch mechanics:

__ksmbd_tree_conn_disconnect() released tree_conn->share_conf before checking whether the tree_conn reference count had dropped to zero. Under SMB3 multichannel, another connection can still have in-flight requests holding tree_conn references. That leaves a live tree_conn pointing at freed share_conf.

The fix ties the share_conf lifetime to the tree_conn lifetime by moving ksmbd_share_config_put() inside the refcount-zero branch in both disconnect and put paths.
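The ordering problem can be modelled without any real memory being freed. This is an added example, not kernel code: the structs, field names and functions are hypothetical, and a `freed` flag stands in for the actual release so the dangling state can be observed safely.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical user-space model; names are not the kernel's. */
struct share_conf { int refcount; bool freed; };
struct tree_conn  { int refcount; bool freed; struct share_conf *share_conf; };

static void share_conf_put(struct share_conf *sc)
{
    if (--sc->refcount == 0)
        sc->freed = true;               /* stands in for the real free */
}

/* Pre-fix ordering: share_conf is released before the refcount test. */
static void disconnect_before(struct tree_conn *tc)
{
    share_conf_put(tc->share_conf);
    if (--tc->refcount == 0)
        tc->freed = true;
}

/* Post-fix ordering: share_conf is released only by the last reference. */
static void put_after(struct tree_conn *tc)
{
    if (--tc->refcount == 0) {
        share_conf_put(tc->share_conf);
        tc->freed = true;
    }
}

/* One in-flight request on a second channel holds an extra reference.
 * Returns true when a still-live tree_conn points at a released share_conf. */
static bool race_leaves_dangling(void (*disconnect)(struct tree_conn *))
{
    struct share_conf sc = { .refcount = 1, .freed = false };
    struct tree_conn tc = { .refcount = 2, .freed = false, .share_conf = &sc };
    disconnect(&tc);                    /* channel A disconnects the tree */
    return !tc.freed && tc.share_conf->freed;
}

/* With the post-fix ordering, the final put still releases both objects. */
static bool last_put_frees_both(void)
{
    struct share_conf sc = { .refcount = 1, .freed = false };
    struct tree_conn tc = { .refcount = 2, .freed = false, .share_conf = &sc };
    put_after(&tc);
    put_after(&tc);
    return tc.freed && sc.freed;
}

int main(void)
{
    printf("before: dangling=%d, after: dangling=%d\n",
           race_leaves_dangling(disconnect_before), race_leaves_dangling(put_after));
    return 0;
}
```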

Diff shape:

fs/smb/server/mgmt/tree_connect.c | 9 ++++++---

Why it is a useful Mythos signal:

Red Hat's blog discusses KSMBD Share_Conf use after free issue, and this commit matches that phrasing closely. It is authored by Carlini and lands in the same March 2026 cluster as the other known AI-found patches. Again, there is no Assisted-by: trailer.

Related nearby patch:

There is also c33615f995aee80657b9fdfbc4ee7f49c2bd733d (ksmbd: fix use-after-free of share_conf in compound request), authored by Hyunwoo Kim, which is separately tracked as CVE-2026-23428 in public CVE mirrors. It is related by vulnerable object (share_conf) but is not one of the four Carlini-authored commits.

3. io_uring SQE_MIXED fdinfo OOB Read

Commit: 5170efd9c344c68a8075dcb8ed38d3f8a60e7ed4

Subject: io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check

Local metadata:

Date: 2026-03-26
Author: Nicholas Carlini <nicholas@carlini.com>
Fixes: 1cba30bf9fdd ("io_uring: add support for IORING_SETUP_SQE_MIXED")
Link: https://patch.msgid.link/20260327021823.3138396-1-nicholas@carlini.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>

Patch mechanics:

__io_uring_show_fdinfo() iterates pending SQEs and needs to reject the second half of a 128-byte SQE when that half would run past the end of the SQE array. The old wrap check used (++sq_head & sq_mask) == 0, but sq_head is not the actual physical array index in this loop. The physical index is sq_idx = (i + sq_head) & sq_mask. The fix checks sq_idx directly.
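The mismatch between the two indices can be checked exhaustively on a small ring. This is an added example and a simplified model, not the kernel's loop: the function names are hypothetical, the old predicate is evaluated without mutating `sq_head`, and `sq_idx == sq_mask` is an assumed form of the fixed check (the page only states that the fix checks `sq_idx` directly).

```c
#include <stdbool.h>
#include <stdio.h>

/* Physical slot visited at loop offset i, as given in the commit description. */
static unsigned phys_index(unsigned i, unsigned sq_head, unsigned sq_mask)
{
    return (i + sq_head) & sq_mask;
}

/* Old predicate: derived from sq_head only, so it ignores the loop offset i.
 * (The original used ++sq_head; this model leaves sq_head unmodified.) */
static bool old_wrap_check(unsigned sq_head, unsigned sq_mask)
{
    return ((sq_head + 1) & sq_mask) == 0;
}

/* Assumed form of the fixed predicate: test the physical index itself. */
static bool new_wrap_check(unsigned sq_idx, unsigned sq_mask)
{
    return sq_idx == sq_mask;
}

/* Count (sq_head, i) pairs where the second half of a 128-byte SQE would sit
 * past the end of the array but the selected predicate does not flag it. */
static unsigned missed_cases(unsigned sq_entries, bool use_new_check)
{
    unsigned sq_mask = sq_entries - 1, missed = 0;

    for (unsigned head = 0; head < sq_entries; head++) {
        for (unsigned i = 0; i < sq_entries; i++) {
            unsigned sq_idx = phys_index(i, head, sq_mask);
            bool out_of_bounds = sq_idx + 1 >= sq_entries;  /* ground truth */
            bool flagged = use_new_check ? new_wrap_check(sq_idx, sq_mask)
                                         : old_wrap_check(head, sq_mask);
            if (out_of_bounds && !flagged)
                missed++;
        }
    }
    return missed;
}

int main(void)
{
    /* Constructed 8-entry ring: 8 of the 64 pairs land on the last slot. */
    printf("old check misses %u, sq_idx check misses %u\n",
           missed_cases(8, false), missed_cases(8, true));
    return 0;
}
```

In this model the old predicate only catches the case where `sq_head` itself is the last slot and `i` is 0; every other way of reaching the last physical slot goes unflagged.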

Diff shape:

io_uring/fdinfo.c | 3 ++-

Why it is a useful Mythos signal:

Red Hat's blog explicitly names IO_URING SQE_MIXED wrap check. This commit is authored by Carlini, has a direct mailing-list patch link, and is tracked as CVE-2026-31484 by NVD.

Related nearby patch:

6f02c6b196036dbb6defb4647d8707d29b7fe95b (io_uring: fix physical SQE bounds check for SQE_MIXED 128-byte ops) is a separate SQE_MIXED bounds fix by Tom Ryan. It matches the same feature area but not the same author signal.

4. eventpoll RCU-Delayed Free

Commit: 07712db80857d5d09ae08f3df85a708ecfc3b61f

Subject: eventpoll: defer struct eventpoll free to RCU grace period

Local metadata:

Date: 2026-04-02
Author: Nicholas Carlini <nicholas@carlini.com>
Fixes: f2e467a48287 ("eventpoll: Fix semi-unbounded recursion")
Signed-off-by: Christian Brauner <brauner@kernel.org>

Patch mechanics:

ep_free() could free struct eventpoll while another concurrent path still held epi->ep under an RCU walk. The patch adds an rcu_head to struct eventpoll and replaces kfree(ep) with kfree_rcu(ep, rcu).

Diff shape:

fs/eventpoll.c | 6 +++++-

Why it is a useful Mythos signal:

This one is weaker than the previous three. It is not one of the five issues listed in the Red Hat blog, and I did not find a public source tying it directly to Mythos. However, it is recent, authored by Nicholas Carlini, security-relevant (the commit message says "prevent UAF"), and was picked up by stable trees. That makes it a useful candidate when searching for "human-written patches fixing AI-found bugs", but it should be labeled medium-confidence unless another source confirms its origin.

Search Signals Learned

Strong signals:

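# Commits authored by Nicholas Carlini since the start of the window
git log --all --since='2026-02-01' \
  --author='Nicholas Carlini' \
  --format='%H %cs %an %s'

# Commits whose trailers credit Anthropic as reporter or tester
# (\| is alternation in git's default basic regex; a doubled backslash inside single quotes would match a literal backslash)
git log --all --since='2026-02-01' \
  --grep='Reported-by:.*anthropic\|Tested-by:.*anthropic\|Reported-by: Anthropic' \
  --regexp-ignore-case \
  --format='%H %cs %an %s%n%(trailers)%n'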

Medium signals:

  • subjects containing UAF, use-after-free, OOB, overflow, signedness, bounds, wrap check
  • affected subsystems mentioned in the public discussion: nfsd, ksmbd, io_uring, futex
  • stable backport activity in late March and April 2026
  • CVEs published by kernel.org in April 2026 whose descriptions closely match these commit messages

Weak signal:

  • Assisted-by: Claude alone. This catches many real AI-assisted commits, but it misses this Carlini set and produces many unrelated patches.

Additional Strict Candidates

The strict local search found nine total high-confidence candidates using these signals:

  • Reported-by: or Tested-by: contains Nicholas Carlini <npc@anthropic.com>
  • Reported-by: contains Anthropic
  • author is Nicholas Carlini in the 2026 Mythos disclosure window

Four of those nine are the Carlini-authored patches covered above. The other five are useful follow-up candidates:

| Commit | Date | Author | Subject | Signal |
|---|---|---|---|---|
| 9e6bf146b55999a095bb14f73a843942456d1adc | 2026-04-27 | Greg Kroah-Hartman | ipv6: rpl: reserve mac_len headroom when recompressed SRH grows | Reported-by: Anthropic |
| d0be8884f56b0b800cd8966e37ce23417cd5044e | 2026-04-21 | Greg Kroah-Hartman | io_uring: take page references for NOMMU pbuf_ring mmaps | Reported-by: Anthropic; Assisted-by: gkh_clanker_t1000 |
| 2fc87d37be1b730a149b035f9375fdb8cc5333a5 | 2026-04-20 | Greg Kroah-Hartman | drm/nouveau: fix u32 overflow in pushbuf reloc bounds check | Reported-by: Anthropic; Assisted-by: gkh_clanker_t1000 |
| 19f94b39058681dec64a10ebeb6f23fe7fc3f77a | 2026-03-26 | Peter Zijlstra | futex: Require sys_futex_requeue() to have identical flags | Reported-by: Nicholas Carlini <npc@anthropic.com> |
| 5133b61aaf437e5f25b1b396b14242a6bb0508e2 | 2026-03-16 | Jeff Layton | nfsd: fix heap overflow in NFSv4.0 LOCK replay cache | Reported-by: and Tested-by: Nicholas Carlini <npc@anthropic.com> |

Count

9 total strict candidates
4 Carlini-authored candidates covered in this report
5 additional strict candidates listed above

Notes On The Five Additional Candidates

The nfsd and futex commits are already part of the public Mythos/Claude Code discussion. They are human-authored fixes for issues reported by Nicholas Carlini at Anthropic, and they do not contain Assisted-by: trailers.

The three April 2026 Greg Kroah-Hartman commits are especially interesting because they use the direct trailer:

Reported-by: Anthropic

Two of the three also include:

Assisted-by: gkh_clanker_t1000

That combination is a strong practical search pattern for newer Anthropic- or Mythos-related kernel fixes that are not necessarily authored by Carlini and may not be covered in early public summaries.