Index: head/sys/netinet/in_pcb.c
===================================================================
--- head/sys/netinet/in_pcb.c
+++ head/sys/netinet/in_pcb.c
@@ -1632,6 +1632,7 @@
 	struct inpcbhead *head;
 	struct inpcb *inp, *tmpinp;
 	u_short fport = fport_arg, lport = lport_arg;
+	bool locked;
 
 	/*
 	 * First look for an exact match.
@@ -1818,18 +1819,32 @@
 	return (NULL);
 
 found:
-	in_pcbref(inp);
-	INP_GROUP_UNLOCK(pcbgroup);
-	if (lookupflags & INPLOOKUP_WLOCKPCB) {
-		INP_WLOCK(inp);
-		if (in_pcbrele_wlocked(inp))
-			return (NULL);
-	} else if (lookupflags & INPLOOKUP_RLOCKPCB) {
-		INP_RLOCK(inp);
-		if (in_pcbrele_rlocked(inp))
-			return (NULL);
-	} else
+	if (lookupflags & INPLOOKUP_WLOCKPCB)
+		locked = TRY_INP_WLOCK(inp);
+	else if (lookupflags & INPLOOKUP_RLOCKPCB)
+		locked = TRY_INP_RLOCK(inp);
+	else
 		panic("%s: locking bug", __func__);
+	if (!locked)
+		in_pcbref(inp);
+	INP_GROUP_UNLOCK(pcbgroup);
+	if (!locked) {
+		if (lookupflags & INPLOOKUP_WLOCKPCB) {
+			INP_WLOCK(inp);
+			if (in_pcbrele_wlocked(inp))
+				return (NULL);
+		} else {
+			INP_RLOCK(inp);
+			if (in_pcbrele_rlocked(inp))
+				return (NULL);
+		}
+	}
+#ifdef INVARIANTS
+	if (lookupflags & INPLOOKUP_WLOCKPCB)
+		INP_WLOCK_ASSERT(inp);
+	else
+		INP_RLOCK_ASSERT(inp);
+#endif
 	return (inp);
 }
 #endif /* PCBGROUP */
@@ -1968,23 +1983,38 @@
     struct ifnet *ifp)
 {
 	struct inpcb *inp;
+	bool locked;
 
 	INP_HASH_RLOCK(pcbinfo);
 	inp = in_pcblookup_hash_locked(pcbinfo, faddr, fport, laddr, lport,
 	    (lookupflags & ~(INPLOOKUP_RLOCKPCB | INPLOOKUP_WLOCKPCB)), ifp);
 	if (inp != NULL) {
-		in_pcbref(inp);
-		INP_HASH_RUNLOCK(pcbinfo);
-		if (lookupflags & INPLOOKUP_WLOCKPCB) {
-			INP_WLOCK(inp);
-			if (in_pcbrele_wlocked(inp))
-				return (NULL);
-		} else if (lookupflags & INPLOOKUP_RLOCKPCB) {
-			INP_RLOCK(inp);
-			if (in_pcbrele_rlocked(inp))
-				return (NULL);
-		} else
+		if (lookupflags & INPLOOKUP_WLOCKPCB)
+			locked = INP_TRY_WLOCK(inp);
+		else if (lookupflags & INPLOOKUP_RLOCKPCB)
+			locked = INP_TRY_RLOCK(inp);
+		else
 			panic("%s: locking bug", __func__);
+		if (!locked)
+			in_pcbref(inp);
+		INP_HASH_RUNLOCK(pcbinfo);
+		if (!locked) {
+			if (lookupflags & INPLOOKUP_WLOCKPCB) {
+				INP_WLOCK(inp);
+				if (in_pcbrele_wlocked(inp))
+					return (NULL);
+			} else {
+				INP_RLOCK(inp);
+				if (in_pcbrele_rlocked(inp))
+					return (NULL);
+			}
+		}
+#ifdef INVARIANTS
+		if (lookupflags & INPLOOKUP_WLOCKPCB)
+			INP_WLOCK_ASSERT(inp);
+		else
+			INP_RLOCK_ASSERT(inp);
+#endif
 	} else
 		INP_HASH_RUNLOCK(pcbinfo);
 	return (inp);
Index: head/sys/netinet6/in6_pcb.c
===================================================================
--- head/sys/netinet6/in6_pcb.c
+++ head/sys/netinet6/in6_pcb.c
@@ -868,6 +868,7 @@
 	struct inpcbhead *head;
 	struct inpcb *inp, *tmpinp;
 	u_short fport = fport_arg, lport = lport_arg;
+	bool locked;
 
 	/*
 	 * First look for an exact match.
@@ -1026,18 +1027,32 @@
 	return (NULL);
 
 found:
-	in_pcbref(inp);
-	INP_GROUP_UNLOCK(pcbgroup);
-	if (lookupflags & INPLOOKUP_WLOCKPCB) {
-		INP_WLOCK(inp);
-		if (in_pcbrele_wlocked(inp))
-			return (NULL);
-	} else if (lookupflags & INPLOOKUP_RLOCKPCB) {
-		INP_RLOCK(inp);
-		if (in_pcbrele_rlocked(inp))
-			return (NULL);
-	} else
+	if (lookupflags & INPLOOKUP_WLOCKPCB)
+		locked = INP_TRY_WLOCK(inp);
+	else if (lookupflags & INPLOOKUP_RLOCKPCB)
+		locked = INP_TRY_RLOCK(inp);
+	else
 		panic("%s: locking buf", __func__);
+	if (!locked)
+		in_pcbref(inp);
+	INP_GROUP_UNLOCK(pcbgroup);
+	if (!locked) {
+		if (lookupflags & INPLOOKUP_WLOCKPCB) {
+			INP_WLOCK(inp);
+			if (in_pcbrele_wlocked(inp))
+				return (NULL);
+		} else {
+			INP_RLOCK(inp);
+			if (in_pcbrele_rlocked(inp))
+				return (NULL);
+		}
+	}
+#ifdef INVARIANTS
+	if (lookupflags & INPLOOKUP_WLOCKPCB)
+		INP_WLOCK_ASSERT(inp);
+	else
+		INP_RLOCK_ASSERT(inp);
+#endif
 	return (inp);
 }
 #endif /* PCBGROUP */
@@ -1163,23 +1178,38 @@
     struct ifnet *ifp)
 {
 	struct inpcb *inp;
+	bool locked;
 
 	INP_HASH_RLOCK(pcbinfo);
 	inp = in6_pcblookup_hash_locked(pcbinfo, faddr, fport, laddr, lport,
 	    (lookupflags & ~(INPLOOKUP_RLOCKPCB | INPLOOKUP_WLOCKPCB)), ifp);
 	if (inp != NULL) {
-		in_pcbref(inp);
-		INP_HASH_RUNLOCK(pcbinfo);
-		if (lookupflags & INPLOOKUP_WLOCKPCB) {
-			INP_WLOCK(inp);
-			if (in_pcbrele_wlocked(inp))
-				return (NULL);
-		} else if (lookupflags & INPLOOKUP_RLOCKPCB) {
-			INP_RLOCK(inp);
-			if (in_pcbrele_rlocked(inp))
-				return (NULL);
-		} else
+		if (lookupflags & INPLOOKUP_WLOCKPCB)
+			locked = INP_TRY_WLOCK(inp);
+		else if (lookupflags & INPLOOKUP_RLOCKPCB)
+			locked = INP_TRY_RLOCK(inp);
+		else
 			panic("%s: locking bug", __func__);
+		if (!locked)
+			in_pcbref(inp);
+		INP_HASH_RUNLOCK(pcbinfo);
+		if (!locked) {
+			if (lookupflags & INPLOOKUP_WLOCKPCB) {
+				INP_WLOCK(inp);
+				if (in_pcbrele_wlocked(inp))
+					return (NULL);
+			} else {
+				INP_RLOCK(inp);
+				if (in_pcbrele_rlocked(inp))
+					return (NULL);
+			}
+		}
+#ifdef INVARIANTS
+		if (lookupflags & INPLOOKUP_WLOCKPCB)
+			INP_WLOCK_ASSERT(inp);
+		else
+			INP_RLOCK_ASSERT(inp);
+#endif
 	} else
 		INP_HASH_RUNLOCK(pcbinfo);
 	return (inp);