From c4982fae5930a7a57160d9eeff35cfcf34a09633 Mon Sep 17 00:00:00 2001
From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Date: Sun, 7 Sep 2008 11:38:30 +0000
Subject: [PATCH] Add a second KASSERT checking for len >= 0 in the tcp output
 path.

This is different to the first one (as len gets updated between those
two) and would have caught various edge cases (read bugs) at a well
defined place I had been debugging the last months instead of
triggering (random) panics further down the call graph.

MFC after:	2 months
---
 sys/netinet/tcp_output.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c
index 1e6e53e1c254..75f3038d6c85 100644
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@@ -392,7 +392,7 @@ after_sack_rexmit:
 	}
 
 	/* len will be >= 0 after this point. */
-	KASSERT(len >= 0, ("%s: len < 0", __func__));
+	KASSERT(len >= 0, ("[%s:%d]: len < 0", __func__, __LINE__));
 
 	/*
 	 * Automatic sizing of send socket buffer.  Often the send buffer
@@ -745,6 +745,12 @@ send:
 		panic("tcphdr too big");
 /*#endif*/
 
+	/*
+	 * This KASSERT is here to catch edge cases at a well defined place.
+	 * Before, those had triggered (random) panic conditions further down.
+	 */
+	KASSERT(len >= 0, ("[%s:%d]: len < 0", __func__, __LINE__));
+
 	/*
 	 * Grab a header mbuf, attaching a copy of data to
 	 * be transmitted, and initialize the header from