From 854348219cbec2a43a8facd1a427afa41b75785f Mon Sep 17 00:00:00 2001
From: tjr <tjr@FreeBSD.org>
Date: Thu, 1 May 2003 06:41:59 +0000
Subject: [PATCH] Do not attempt to free NULL dinodes (i_din1 or i_din2) in
 ffs_ifree(). These fields can be left as NULL if ffs_vget() allocates an
 inode but fails before the dinode memory has been allocated. There are two
 cases when this can occur: when we lose a race and another process has added
 the inode to the hash, and when reading the inode off disk fails.

The bug was observed by Kris on one of the package-building machines.
See http://marc.theaimsgroup.com/?l=freebsd-current&m=105172731013411&w=2
In Kris's case, it was the bread() that failed because of a disk error.

The alternative to this patch is to ensure that ffs_vget() does not call
vput() when the inode that hasn't been properly initialised.
---
 sys/ufs/ffs/ffs_vfsops.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/ufs/ffs/ffs_vfsops.c b/sys/ufs/ffs/ffs_vfsops.c
index 3c7b0451b58e..f92aa2ff0a8e 100644
--- a/sys/ufs/ffs/ffs_vfsops.c
+++ b/sys/ufs/ffs/ffs_vfsops.c
@@ -1540,9 +1540,9 @@ static void
 ffs_ifree(struct ufsmount *ump, struct inode *ip)
 {
 
-	if (ump->um_fstype == UFS1)
+	if (ump->um_fstype == UFS1 && ip->i_din1 != NULL)
 		uma_zfree(uma_ufs1, ip->i_din1);
-	else
+	else if (ip->i_din2 != NULL)
 		uma_zfree(uma_ufs2, ip->i_din2);
 	uma_zfree(uma_inode, ip);
 }