commit 987cd93bb90597d81e39ca6c968550bf129b8747
Author: evangyzen <eric_van_gyzen@dell.com>
Date:   Tue Feb 24 14:25:08 2015 -0500

    When locking a PI mutex, restore original owner on a rare error path
    
    When failing to claim ownership of a umtx_pi,
    restore the umutex owner to its previous, unowned state.
    This avoids compounding an existing problem of inconsistent ownership.
    
    Submitted by: Eric van Gyzen <eric_van_gyzen@dell.com>
    Obtained from: Dell Inc.

diff --git a/sys/kern/kern_umtx.c b/sys/kern/kern_umtx.c
index cc7c16d..11f312a 100644
--- a/sys/kern/kern_umtx.c
+++ b/sys/kern/kern_umtx.c
@@ -1741,6 +1741,17 @@ do_lock_pi(struct thread *td, struct umutex *m, uint32_t flags,
 				error = umtx_pi_claim(pi, td);
 				umtxq_unbusy(&uq->uq_key);
 				umtxq_unlock(&uq->uq_key);
+				if (error) {
+					/*
+					 * Since we're going to return an
+					 * error, restore the m_owner to its
+					 * previous, unowned state to avoid
+					 * compounding the problem.
+					 */
+					(void) casuword32(&m->m_owner,
+						id | UMUTEX_CONTESTED,
+						UMUTEX_CONTESTED);
+				}
 				break;
 			}