Testing 2.0 and 2.1 Head.
I am running a test that requires frequent ejections of cache entities:
max_cache_size and max_object_count are smaller than my sampling.
2 threads running at the concurrently on 2 CPUs.
Thread1(T1): an entry is ejected from the cache in cache_insert(),
resulting in a call to memcahe_cache_free() [c->free_entry(ejected)].
Refcount is 1, obj->cleanup is 0.
T2: a thread is calling apr_pool_clear() in worker_main/worker_thread()
in the mpm main function (using worker|netware). That thread is calling
decrement_refcount(), the registered cleanup function in mod_mem_cache.c.
Both threads are working on the same cache_object.
Refcount is 1, obj->cleanup is 0 when entering decrement_refcount().
Then there is a race in both functions where the atomic_dec in
decrement_refcount() will change the refcount to 0
It should not be possibe for two threads to atomically decrement the refcount on the same object to 0. Sounds like a bug in netware's apr_atomic_dec() function.
Bill
