diff --git a/sys/sys/kassert.h b/sys/sys/kassert.h
--- a/sys/sys/kassert.h
+++ b/sys/sys/kassert.h
@@ -144,9 +144,12 @@
 	if (__predict_false(!(exp)))					\
 		kassert_panic msg;					\
 } while (0)
+#define KASSERTE(exp, msg)						\
+	((__predict_false(!(exp))) ? (kassert_panic msg) : (void)0)
 #else /* !(KERNEL && INVARIANTS) && !_STANDALONE */
 #define	KASSERT(exp,msg) do { \
 } while (0)
+#define KASSERTE(exp, msg) ((void)0)
 #endif /* (_KERNEL && INVARIANTS) || _STANDALONE */
 
 #ifdef _KERNEL
diff --git a/sys/sys/mbuf.h b/sys/sys/mbuf.h
--- a/sys/sys/mbuf.h
+++ b/sys/sys/mbuf.h
@@ -103,10 +103,30 @@
  * type:
  *
  * mtod(m, t)	-- Convert mbuf pointer to data pointer of correct type.
- * mtodo(m, o) -- Same as above but with offset 'o' into data.
+ * mtodo(m, o)	-- Same as above but with offset 'o' into data.
+ *
+ * The counterparts with assertions, mostly targeting read cases:
+ * mtod_(m, t)
+ * mtodo_(m, o)
  */
 #define	mtod(m, t)	((t)((m)->m_data))
 #define	mtodo(m, o)	((void *)(((m)->m_data) + (o)))
+#define mtod_(m, t) (							\
+	KASSERTE(m->m_len >= sizeof(*((t)((m)->m_data))),		\
+	    ("%s: mtod_(): m_len=%d < %zu of expected data len @ %s:%d",\
+	    __func__, m->m_len, sizeof(*((t)((m)->m_data))),		\
+	    __FILE__, __LINE__))					\
+	,								\
+	((t)((m)->m_data))						\
+)
+#define mtodo_(m, o) (							\
+	KASSERTE(m->m_len >= (o) + 1),					\
+	    ("%s: mtodo_(): m_len=%d < %zu of expected data len @ %s:%d",\
+	    __func__, m->m_len, (o) + 1,				\
+	    __FILE__, __LINE__))					\
+	,								\
+	((void *)(((m)->m_data) + (o)))					\
+)
 
 /*
  * Argument structure passed to UMA routines during mbuf and packet