Index: sys/netinet/tcp_input.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/tcp_input.c,v
retrieving revision 1.413
diff -u -r1.413 tcp_input.c
--- sys/netinet/tcp_input.c	8 Nov 2018 06:43:52 -0000	1.413
+++ sys/netinet/tcp_input.c	28 May 2019 14:31:40 -0000
@@ -272,6 +272,26 @@
 #endif
 
 /*
+ * Wrap around a pointer dereference for UBSan.
+ *
+ * This access can be misaligned on less strict CPUs.
+ */
+#if defined(__clang__)
+__attribute__((no_sanitize("undefined")))
+#else
+__attribute__((no_sanitize_undefined))
+#endif
+static inline uint32_t
+get_uint32(void *p)
+{
+#ifndef __NO_STRICT_ALIGNMENT
+	KASSERT((((vaddr_t) (p)) & 3) == 0);
+#endif
+
+	return *(uint32_t *)p;
+}
+
+/*
  * Compute ACK transmission behavior.  Delay the ACK unless
  * we have already delayed an ACK (must send an ACK every two segments).
  * We also ACK immediately if we received a PUSH and the ACK-on-PUSH
@@ -1350,11 +1370,11 @@
 		if ((optlen == TCPOLEN_TSTAMP_APPA ||
 		     (optlen > TCPOLEN_TSTAMP_APPA &&
 		      optp[TCPOLEN_TSTAMP_APPA] == TCPOPT_EOL)) &&
-		    *(u_int32_t *)optp == htonl(TCPOPT_TSTAMP_HDR) &&
+		    get_uint32(optp) == htonl(TCPOPT_TSTAMP_HDR) &&
 		    (th->th_flags & TH_SYN) == 0) {
 			opti.ts_present = 1;
-			opti.ts_val = ntohl(*(u_int32_t *)(optp + 4));
-			opti.ts_ecr = ntohl(*(u_int32_t *)(optp + 8));
+			opti.ts_val = ntohl(get_uint32(optp + 4));
+			opti.ts_ecr = ntohl(get_uint32(optp + 8));
 			optp = NULL;	/* we've parsed the options */
 		}
 	}