tcp-bad-option-len
This counter is incremented and the packet is dropped when the security appliance receives a TCP packet with a TCP option set, but the option length does not match the length defined for that option in the TCP RFC.
The packet corruption may be caused by a bad cable or noise on the line. It may also be that a TCP endpoint is sending corrupted packets and an attack is in progress. Please use the packet capture feature to learn more about the origin of the packet
You may be able to use the tcp-options command to fix if you can identify what and where the packet is originating.
Check this link for more info
http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a00805fb9fc.html#wp1088604