Lu has posted to LKML today, weasel wording around when asked point blank for a list of everything malicious sent to the kernel.

https://lore.kernel.org/lkml/YIBMKSovJumS79SR@pendragon.idea...

e: Not getting pulled into a maintainer tree isn't enough to be safe about what was posted to a kernel mailing list. People can (and testing scripts blindly do) grab and apply patches on the mailing list.