diff --git a/SOURCES/bind-9.11-rh1935152.patch b/SOURCES/bind-9.11-rh1935152.patch
new file mode 100644
index 0000000..b976a89
--- /dev/null
+++ b/SOURCES/bind-9.11-rh1935152.patch
@@ -0,0 +1,38 @@
+From c0134bbea5573b1911d204b28eb8c71351a0173f Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Fri, 18 Dec 2020 13:31:07 +1100
+Subject: [PATCH] Inactive incorrectly incremented
+
+It is possible to have two threads destroying an rbtdb at the same
+time when detachnode() executes and removes the last reference to
+a node between exiting being set to true for the node and testing
+if the references are zero in maybe_free_rbtdb().  Move NODE_UNLOCK()
+to after checking if references is zero to prevent detachnode()
+changing the reference count too early.
+
+(cherry picked from commit 859d2fdad6d1c6ff20083a4c463a929cbeb26438)
+(cherry picked from commit 25150c15e7cfa73289f04470e2e699ebb7c28fef)
+---
+ lib/dns/rbtdb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
+index 29778d79a5..b01b44c4c7 100644
+--- a/lib/dns/rbtdb.c
++++ b/lib/dns/rbtdb.c
+@@ -1399,11 +1399,11 @@ maybe_free_rbtdb(dns_rbtdb_t *rbtdb) {
+ 	for (i = 0; i < rbtdb->node_lock_count; i++) {
+ 		NODE_LOCK(&rbtdb->node_locks[i].lock, isc_rwlocktype_write);
+ 		rbtdb->node_locks[i].exiting = ISC_TRUE;
+-		NODE_UNLOCK(&rbtdb->node_locks[i].lock, isc_rwlocktype_write);
+ 		if (isc_refcount_current(&rbtdb->node_locks[i].references)
+ 		    == 0) {
+ 			inactive++;
+ 		}
++		NODE_UNLOCK(&rbtdb->node_locks[i].lock, isc_rwlocktype_write);
+ 	}
+ 
+ 	if (inactive != 0) {
+-- 
+2.26.3
+
diff --git a/SPECS/bind.spec b/SPECS/bind.spec
index 90ea9e4..98c23b4 100644
--- a/SPECS/bind.spec
+++ b/SPECS/bind.spec
@@ -64,7 +64,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  MPLv2.0
 Version:  9.11.4
-Release:  26%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}.8
+Release:  26%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}.9
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 #
@@ -182,6 +182,7 @@ Patch195: bind-9.11-CVE-2021-25215.patch
 # https://gitlab.isc.org/isc-projects/bind9/commit/dfadbc9d7b485b1af62d77ad6c309792bbaabfdf
 Patch196: bind-9.11-CVE-2021-25214.patch
 Patch197: bind-9.11-rh2011220.patch
+Patch198: bind-9.11-rh1935152.patch
 
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@@ -556,6 +557,7 @@ are used for building ISC DHCP.
 %patch195 -p1 -b .CVE-2021-25215
 %patch196 -p1 -b .CVE-2021-25214
 %patch197 -p1 -b .rh2011220
+%patch198 -p1 -b .rh1935152
 
 # Override upstream builtin keys
 cp -fp %{SOURCE29} bind.keys
@@ -1537,6 +1539,10 @@ rm -rf ${RPM_BUILD_ROOT}
 
 
 %changelog
+* Mon Jan 24 2022 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-26.P2.9
+- Fix possible assertion failure isc_refcount_current == 0 in free_rbtdb
+  (#1935152)
+
 * Thu Oct 14 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-26.P2.8
 - Prevent a race after zone load (#2011220)
 
@@ -1549,6 +1555,7 @@ rm -rf ${RPM_BUILD_ROOT}
 * Tue Apr 27 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-26.P2.5
 - Possible assertion failure on DNAME processing (CVE-2021-25215)
 
+
 * Mon Feb 15 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-26.P2.4
 - Fix off-by-one bug in ISC SPNEGO implementation (CVE-2020-8625)