diff --git a/[refs] b/[refs]
index 5fc72ed3c0cb..7ea2097a1a7a 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 56558208521729fa6b2a0f12df22e1569dee297a
+refs/heads/master: 3746a2b1402e7933c7f1eabdce384b8454dc2ef7
diff --git a/trunk/net/netfilter/nf_conntrack_proto_tcp.c b/trunk/net/netfilter/nf_conntrack_proto_tcp.c
index 156680ddb042..5a6fcf349bdf 100644
--- a/trunk/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/trunk/net/netfilter/nf_conntrack_proto_tcp.c
@@ -970,6 +970,12 @@ static int tcp_packet(struct nf_conn *conntrack,
 		    		conntrack->timeout.function((unsigned long)
 		    					    conntrack);
 		    	return -NF_REPEAT;
+		} else {
+			write_unlock_bh(&tcp_lock);
+			if (LOG_INVALID(IPPROTO_TCP))
+				nf_log_packet(pf, 0, skb, NULL, NULL,
+					      NULL, "nf_ct_tcp: invalid SYN");
+			return -NF_ACCEPT;
 		}
 	case TCP_CONNTRACK_CLOSE:
 		if (index == TCP_RST_SET