DF-0461
Potential signed integer overflow in kern_load burst-adaptation math
Summary
Line :1019 kern_load=(kern_load*pollhz)/10000 both int32. pollhz up to 30049. Mul overflows int when single poll cycle >71ms (the very stall scenario iopoll_clock detects). Signed int overflow UB. Wrong burst direction only. No memory corruption. Not attacker-controlled. Fix: cast int64 before mul.