Hmmm.....version control systems. That provokes an interesting thought.
Create a Linux patch series, preferably btrfs-related patches for maximum lulz, whose git SHA-1 ids (any blob, tree, or commit ids should be fine) end up generating filenames in the same object-subdirectory with CRC32 collisions, and send a pull request to lkml.
The object-subdirectory requirement means there's a 40-bit keyspace to search, rather than 32-bit, but one could probably find enough whitespace/punctuation entropy in comments to generate enough collisions to produce at least some effect, even if you can't find enough to lock up a system.
Also, AIUI, pull requests are unconventional and might be ignored, but if you send the patch series directly to the list, the implicit rebasing will destroy the object ids (and therefore the collisions) - unless all the collisions are in file blobs and none of the files have been touched before your patches are applied.
Anyone any idea how plausible/expensive that attack would be?