DF-0211
No negative-size guard on ccmax in clist_alloc_cblocks
Summary
ccmax signed int never checked <0. kmalloc(ccmax*sizeof(short)) with negative ccmax -> huge size_t. M_INTWAIT no M_NULLOK -> panic. Callers pass clamped positive values. Hardening.