diff --git a/[refs] b/[refs]
index d9d998b64ed1..556552684dd1 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 5ecb01cfdf96c5f465192bdb2a4fd4a61a24c6cc
+refs/heads/master: 51246bfd189064079c54421507236fd2723b18f3
diff --git a/trunk/kernel/futex.c b/trunk/kernel/futex.c
index 17828033a639..06e8240d2abe 100644
--- a/trunk/kernel/futex.c
+++ b/trunk/kernel/futex.c
@@ -758,6 +758,13 @@ static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_q *this)
 if (!pi_state)
 return -EINVAL;
+ /*
+ * If current does not own the pi_state then the futex is
+ * inconsistent and user space fiddled with the futex value.
+ */
+ if (pi_state->owner != current)
+ return -EINVAL;
+
 raw_spin_lock(&pi_state->pi_mutex.wait_lock);
 new_owner = rt_mutex_next_owner(&pi_state->pi_mutex);
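Review bot: The added `if (pi_state->owner != current)` check reads `pi_state->owner` before `raw_spin_lock(&pi_state->pi_mutex.wait_lock)` is taken, so it is only race-free if the caller already holds whatever lock serializes owner updates, and the hunk does not show that. I would state the assumption in the new comment, for example with an extra line `* The caller must hold the lock that serializes pi_state->owner updates.`, so a later locking change does not quietly turn this ownership validation into a stale read. The placement ahead of `rt_mutex_next_owner()` is what keeps a non-owner from driving the hand-off after user space changed the futex value, and the comment could say that the check must stay before any state is modified. wake_futex_pi() starts and ends outside the hunk, so the caller's locking cannot be confirmed from here.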