DF-0460
status_frac / tx_frac sysctls have no upper bound: signed int overflow in ifpoll_compat_setup
Summary
sysctl_stfrac(:1497)/sysctl_txfrac(:1535) reject <1 but no upper bound. Root can set INT_MAX. ifpoll_compat_setup(:1569-1570) (poll_stfrac+1)*howmany(IOPOLL_BURST_MAX,IOPOLL_EACH_BURST)-1 multiplies INT_MAX*5 = signed int overflow UB. Garbage ifpc_stfrac feeds driver compat polling state. No memory corruption. Fix: upper-bound clamp.