[TCP]: Fix bug #5070: kernel BUG at net/ipv4/tcp_output.c:864

	u16 flags;

	/* All of a TSO frame must be composed of paged data.  */

	BUG_ON(skb->len != skb->data_len);

	if (skb->len != skb->data_len)

		return tcp_fragment(sk, skb, len, mss_now);

	buff = sk_stream_alloc_pskb(sk, 0, 0, GFP_ATOMIC);

	if (unlikely(buff == NULL))

	sent_pkts = 0;

	while ((skb = sk->sk_send_head)) {

		unsigned int limit;

		tso_segs = tcp_init_tso_segs(sk, skb, mss_now);

		BUG_ON(!tso_segs);

				break;

		}

		limit = mss_now;

		if (tso_segs > 1) {

			u32 limit = tcp_window_allows(tp, skb,

			limit = tcp_window_allows(tp, skb,

						  mss_now, cwnd_quota);

			if (skb->len < limit) {

				if (trim)

					limit = skb->len - trim;

			}

			if (skb->len > limit) {

				if (tso_fragment(sk, skb, limit, mss_now))

					break;

		}

		} else if (unlikely(skb->len > mss_now)) {

			if (unlikely(tcp_fragment(sk, skb,  mss_now, mss_now)))

		if (skb->len > limit &&

		    unlikely(tso_fragment(sk, skb, limit, mss_now)))

			break;

		}

		TCP_SKB_CB(skb)->when = tcp_time_stamp;

	cwnd_quota = tcp_snd_test(sk, skb, mss_now, TCP_NAGLE_PUSH);

	if (likely(cwnd_quota)) {

		unsigned int limit;

		BUG_ON(!tso_segs);

		limit = mss_now;

		if (tso_segs > 1) {

			u32 limit = tcp_window_allows(tp, skb,

			limit = tcp_window_allows(tp, skb,

						  mss_now, cwnd_quota);

			if (skb->len < limit) {

				if (trim)

					limit = skb->len - trim;

			}

			if (skb->len > limit) {

				if (unlikely(tso_fragment(sk, skb, limit, mss_now)))

					return;

		}

		} else if (unlikely(skb->len > mss_now)) {

			if (unlikely(tcp_fragment(sk, skb, mss_now, mss_now)))

		if (skb->len > limit &&

		    unlikely(tso_fragment(sk, skb, limit, mss_now)))

			return;

		}

		/* Send it out now. */

		TCP_SKB_CB(skb)->when = tcp_time_stamp;