Tell someone upstream - in this case Greg KH - what you want to do and agree on a protocol. Inform him of each patch you submit. He's then the backstop against anything in the experiment actually causing harm.

Same way an employer trains employees on phishing campaigns or an auditor or penetration tester tests resilience or compliance.

Yes, employers often send out fake phishing e-mails to test resilience and organizational penetration testing is done on the field with unsuspecting people.

Ah. I never replied to the e-mails sent out by my employer about registering for a training in phishing detection. I just assumed those e-mails were phishing e-mails.

I assume that so many official emails from my employer are phishing.. it's a mess.

This read as sarcastic to me but FYI what you said is actually, unironically, true