Hi, callout(9) says:
callout_destroy() destroys the callout, preventing further use. ... The callout should be stopped before callout_destroy() is called by calling callout_halt(). Note that callout_stop() shouldn't be used for this purpose. Some users use callout_stop: ./dev/usb/if_run.c Also, some code does this: ./netbt/hci_link.c: callout_stop(&link->hl_expire); ./netbt/hci_link.c- if (callout_invoking(&link->hl_expire)) ./netbt/hci_link.c- return; ./netbt/hci_link.c- ./netbt/hci_link.c- callout_destroy(&link->hl_expire); I am not sure this is wrong. Other code seems odd, e.g. agr does: agrtimer_stop(sc); (callout_stop) (*sc->sc_iftop->iftop_dtor)(sc); carp: 887 if_detach(ifp); (carpdetach -> callout_stop) 888 callout_destroy(&sc->sc_ad_tmo); So, this is common and non-obvious. (Maybe not a big deal with few things being MPSAFE?) - Can I blindly change run(4) to callout_halt? - If it's a big deal, maybe add a flag CALLOUT_UNHALTED* remove on _halt, and assert it's removed on _destroy? * with better name