Tested source identity for CVE-2026-31694 variant stage Prepared source tree: /data/pruva/project-cache/6cba72b6-b104-4ebf-be7b-01f748e87ccf/linux-src Prepared build tree: /data/pruva/project-cache/6cba72b6-b104-4ebf-be7b-01f748e87ccf/linux-build-nokasan-fuse Makefile version observed by reproduction script: 6.18.18 Public Linux stable tag resolution command: git ls-remote --tags https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git refs/tags/v6.18.18 Resolved tag object/ref SHA observed: 81b199e5808997dc9762539fbaec35f7cf203133 Fixed module tested: bundle/vuln_variant/fuse-readdirplus-fixed.ko (copied from bundle/repro/fuse-nokasan-fixed.ko) Fix semantics tested: sink-level guard in fs/fuse/readdir.c:fuse_add_dirent_to_cache(): if (reclen > PAGE_SIZE) return; Runtime kernel version printed by QEMU guest: 6.18.18 Outcome: READDIRPLUS alternate trigger reproduced on vulnerable module; fixed module blocked it, so no bypass was confirmed. 81b199e5808997dc9762539fbaec35f7cf203133 refs/tags/v6.18.18 3318f10fa28986dc5767444de585e00369c4ace3 refs/tags/v6.18.18^{}