FILE_SET_MATURE() shouldn't be called while holding the NET_LOCK(),
because if it releases the last reference to a file it will call
soclose() and try to grab the lock again.

I posted a regression test in the following thread:
        https://marc.info/?l=openbsd-tech&m=152637351632752&w=2

Diff below fixes that, ok?

Index: kern/uipc_syscalls.c
===================================================================
RCS file: /cvs/src/sys/kern/uipc_syscalls.c,v
retrieving revision 1.170
diff -u -p -r1.170 uipc_syscalls.c
--- kern/uipc_syscalls.c        8 May 2018 08:53:41 -0000       1.170
+++ kern/uipc_syscalls.c        21 May 2018 11:34:54 -0000
@@ -338,6 +338,8 @@ doaccept(struct proc *p, int sock, struc
        fp->f_flag = FREAD | FWRITE | nflag;
        fp->f_ops = &socketops;
        error = soaccept(so, nam);
+out:
+       sounlock(s);
        if (!error && name != NULL)
                error = copyaddrout(p, nam, name, namelen, anamelen);
        if (!error) {
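Review bot: The relocated `out:` label now sits above the `if (!error && name != NULL)` and `if (!error)` blocks, so every earlier `goto out` in doaccept() falls through those guards instead of jumping past them. That is only correct if each jump arrives with `error` non-zero; the jumps are outside this hunk, so this should be confirmed against the full function. I would also add a comment at the label, e.g. `/* Unlock before FILE_SET_MATURE(): it may drop the last file reference and re-enter soclose(), which takes the lock again. */`, so a later cleanup does not move the unlock back down and reintroduce the recursive lock attempt. The body of doaccept() starts before and continues after the lines shown.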
@@ -349,8 +351,6 @@ doaccept(struct proc *p, int sock, struc
                FILE_SET_MATURE(fp, p);
                *retval = tmpfd;
        }
-out:
-       sounlock(s);
        m_freem(nam);
        if (error) {
                fdplock(fdp);
