diff --git a/sys/kern/vfs_lockf.c b/sys/kern/vfs_lockf.c
index 897187c2226d..f4205bedc64f 100644
--- a/sys/kern/vfs_lockf.c
+++ b/sys/kern/vfs_lockf.c
@@ -815,6 +815,8 @@ lf_advlock(struct vop_advlock_args *ap, struct lockf **head, off_t size)
 off_t start, end;
 int error = 0;
+ KASSERTMSG(size >= 0, "size=%jd", (intmax_t)size);
+
 /*
 * Convert the flock structure into a start and end.
 */
@@ -829,6 +831,8 @@ lf_advlock(struct vop_advlock_args *ap, struct lockf **head, off_t size)
 break;
 case SEEK_END:
+ if (fl->l_start > __type_max(off_t) - size)
+ return EINVAL;
 start = size + fl->l_start;
 break;
@@ -839,10 +843,14 @@ lf_advlock(struct vop_advlock_args *ap, struct lockf **head, off_t size)
 if (fl->l_len == 0)
 end = -1;
 else {
- if (fl->l_len > 0)
+ if (fl->l_len >= 0) {
+ if (fl->l_len - 1 > __type_max(off_t) - start)
+ return EINVAL;
 end = start + fl->l_len - 1;
- else {
+ } else {
 /* lockf() allows -ve lengths */
+ if (start < 0)
+ return EINVAL;
 end = start - 1;
 start += fl->l_len;
 }
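Review bot: The new overflow guard in the `fl->l_len >= 0` branch of the third hunk, `fl->l_len - 1 > __type_max(off_t) - start`, can itself overflow when `start` is negative, because `__type_max(off_t) - start` then exceeds the type's maximum; as far as the hunk ranges show (only four unshown lines sit between the SEEK switch and this hunk, and SEEK_SET or SEEK_END with a sufficiently negative `l_start` leaves `start` negative), nothing rejects a negative `start` before this expression, so signed overflow on a user-supplied `struct flock` is reachable. The negative-length branch does test `start < 0` before its own arithmetic, so the positive-length branch should be guarded the same way: `if (start < 0 || fl->l_len - 1 > __type_max(off_t) - start)`, or hoist `if (start < 0) return EINVAL;` above the `if (fl->l_len >= 0)` split and drop the copy in the else branch. A later `start < 0` check in lf_advlock, if one exists, comes too late to protect this expression. lf_advlock begins before the first hunk and continues past the last.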