Index: sys/netinet/ip_output.c
===================================================================
--- sys/netinet/ip_output.c
+++ sys/netinet/ip_output.c
@@ -1242,12 +1242,18 @@
 		switch (sopt->sopt_name) {
 		case IP_OPTIONS:
 		case IP_RETOPTS:
-			if (inp->inp_options)
+			if (inp->inp_options) {
+				unsigned long len = ulmin(inp->inp_options->m_len, sopt->sopt_valsize);
+				struct mbuf *options = malloc(len, M_TEMP, M_WAITOK);
+				INP_RLOCK(inp);
+				bcopy(inp->inp_options, options, len);
+				INP_RUNLOCK(inp);
 				error = sooptcopyout(sopt,
-						     mtod(inp->inp_options,
+						     mtod(options,
 							  char *),
-						     inp->inp_options->m_len);
-			else
+						     len);
+				free(options, M_TEMP);
+			} else
 				sopt->sopt_valsize = 0;
 			break;