DF-0577
Integer overflow in SLIOCSKEEPAL/SLIOCSOUTFILL interval computation: tight callout loop DoS
Summary
sc_keepalive=*(u_int*)data*hz(:398) sc_outfill=*(u_int*)data*hz(:416) unsigned 32-bit multiply no overflow check. _IOW(...,int) so negative int(-1=>0xFFFFFFFF) or value>=4294967 at hz=1000 wraps to small/near-zero -> callout_reset tight re-fire loop -> high CPU local DoS. Root-only SLIPDISC. Fix: validate v!=0&&v<=SL_MAX_INTERVAL before multiply.