Google's syzkaller has found thousands of real Linux kernel bugs this way, including use-after-free and out-of-bounds vulnerabilities that earned CVEs, precisely by fuzzing syscall arguments like the ones you generate here (NULL pointers, negative fds, boundary sizes). The crash-catching pattern with `sigsetjmp`/`siglongjmp` mirrors how real fuzzing harnesses keep running after a target syscall corrupts memory instead of taking down the entire fuzzer process.