To reproduce the issue you must load the pf module and create the jail with the vnet option.

# cat /etc/jail.conf
path = "/usr/jail/${name}";
exec.clean;
exec.prestart  = "ifconfig epair${epairid} create";
exec.prestart += "ifconfig epair${epairid}a inet6 ifdisabled up";
exec.prestart += "ifconfig bridge0 addm epair${epairid}a";
exec.created   = "cpuset -l 1 -j ${name}";
exec.start     = "ifconfig epair${epairid}b ether 02:ef:a4:c1:60:0${epairid}";
exec.start    += "ifconfig epair${epairid}b inet ${ipaddress} netmask ${netmask}";
exec.start    += "route add default ${gateway}";
exec.start    += "sh /etc/rc";
exec.stop      = "sh /etc/rc.shutdown jail";
exec.poststop  = "ifconfig epair${epairid}a destroy";
host.hostname  = "${name}";
mount.devfs;
vnet;
vnet.interface = "epair${epairid}b";

test1 {
    $epairid   = 1;
    $ipaddress = 192.168.0.101;
    $netmask   = 255.255.255.0;
    $gateway   = 192.168.0.1;
}

test2 {
    $epairid   = 2;
    $ipaddress = 192.168.0.102;
    $netmask   = 255.255.255.0;
    $gateway   = 192.168.0.1;
}

# ifconfig bridge0 create
# kldload pf
# service jail onestart
Starting jails: test1 test2.
# procstat -t 12 | egrep 'PID|swi1'
  PID    TID COMM   TDNAME            CPU  PRI STATE  WCHAN
   12 100031 intr   swi1: netisr 0     -1   28 wait   -
   12 100134 intr   swi1: pf send      -1   28 wait   -
   12 100138 intr   swi1: pf send      -1   28 wait   -
   12 100147 intr   swi1: pf send      -1   28 wait   -
# service jail onerestart
Stopping jails: test1 test2.
Starting jails: test1 test2.
# service jail onerestart
Stopping jails: test1 test2.
Starting jails: test1 test2.
# service jail onestop
Stopping jails: test1 test2.
# procstat -t 12 | egrep 'PID|swi1'
  PID    TID COMM   TDNAME            CPU  PRI STATE  WCHAN
   12 100031 intr   swi1: netisr 0     -1   28 wait   -
   12 100134 intr   swi1: pf send      -1   28 wait   -
   12 100138 intr   swi1:              -1   47 wait   -
   12 100147 intr   swi1:              -1   47 wait   -
   12 100157 intr   swi1:              -1   47 wait   -
   12 100158 intr   swi1:              -1   47 wait   -
   12 100159 intr   swi1:              -1   47 wait   -
   12 100160 intr   swi1:              -1   47 wait   -

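As an added example (not part of the original report and not FreeBSD project code), this sh/awk script picks the leftover threads out of `procstat -t` output: those whose name is a bare `swiN:` with no handler name, as in the post-stop listing above. The function names are hypothetical, the sample data is copied from the report, and PID 12 is the `intr` process on the reporter's system.

```sh
#!/bin/sh
# Added example (not from the report): list swi threads left without a handler.
# Reads `procstat -t <pid>` text on stdin, prints the TID of each such thread.
orphan_swi_tids() {
    awk '
        $1 == "PID" { next }    # skip the header row
        NF >= 8 {
            # Assumption: the last four columns (CPU PRI STATE WCHAN) are
            # single tokens, so TDNAME is fields 4..NF-4 and may hold spaces.
            name = $4
            for (i = 5; i <= NF - 4; i++) name = name " " $i
            # A bare "swiN:" has no handler name after the colon.
            if (name ~ /^swi[0-9]+:$/) print $2
        }'
}

count_orphan_swi() { orphan_swi_tids | wc -l | tr -d ' '; }

# procstat output copied from the report: after the first jail start ...
sample_before() {
    cat <<'EOF'
PID TID COMM TDNAME CPU PRI STATE WCHAN
12 100031 intr swi1: netisr 0 -1 28 wait -
12 100134 intr swi1: pf send -1 28 wait -
12 100138 intr swi1: pf send -1 28 wait -
12 100147 intr swi1: pf send -1 28 wait -
EOF
}

# ... and after two restarts and a final stop.
sample_after() {
    cat <<'EOF'
PID TID COMM TDNAME CPU PRI STATE WCHAN
12 100031 intr swi1: netisr 0 -1 28 wait -
12 100134 intr swi1: pf send -1 28 wait -
12 100138 intr swi1: -1 47 wait -
12 100147 intr swi1: -1 47 wait -
12 100157 intr swi1: -1 47 wait -
12 100158 intr swi1: -1 47 wait -
12 100159 intr swi1: -1 47 wait -
12 100160 intr swi1: -1 47 wait -
EOF
}

# On FreeBSD check the live system; elsewhere run over the sample.
if command -v procstat >/dev/null 2>&1; then
    procstat -t 12 | orphan_swi_tids
else
    sample_after | orphan_swi_tids
fi
```

A count that grows across jail stop/start cycles, as it does between the two listings in the report, indicates the system is still running a kernel without the fix.
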
Confirmed. That's due to a bit of an unfortunate design choice in swi_remove() which means we have to call intr_event_destroy() ourselves (and track the intr_event...). It also affects pfsync, but both are fairly straightforward to fix. See https://reviews.freebsd.org/D29211

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=cecfaf9bede9665d6a10f1e575cd5d575450cff7

commit cecfaf9bede9665d6a10f1e575cd5d575450cff7
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-03-10 21:56:11 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-03-12 11:12:43 +0000

    pf: Fully remove interrupt events on vnet cleanup

    swi_remove() removes the software interrupt handler but does not remove
    the associated interrupt event.
    This is visible when creating and removing a vnet jail in `procstat -t 12`.

    We can remove it manually with intr_event_destroy().

    PR: 254171
    MFC after: 1 week
    Differential Revision: https://reviews.freebsd.org/D29211

 sys/net/pfvar.h            |  2 ++
 sys/netpfil/pf/if_pfsync.c | 10 ++++++++--
 sys/netpfil/pf/pf.c        |  1 +
 sys/netpfil/pf/pf_ioctl.c  |  8 ++++++--
 4 files changed, 17 insertions(+), 4 deletions(-)

A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=71d3d485cca87a29792989a83a4cbaefba8f2413

commit 71d3d485cca87a29792989a83a4cbaefba8f2413
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-03-10 21:56:11 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-03-19 22:41:27 +0000

    pf: Fully remove interrupt events on vnet cleanup

    swi_remove() removes the software interrupt handler but does not remove
    the associated interrupt event.
    This is visible when creating and removing a vnet jail in `procstat -t 12`.

    We can remove it manually with intr_event_destroy().

    PR: 254171
    MFC after: 1 week
    Differential Revision: https://reviews.freebsd.org/D29211

    (cherry picked from commit cecfaf9bede9665d6a10f1e575cd5d575450cff7)

 sys/net/pfvar.h            |  2 ++
 sys/netpfil/pf/if_pfsync.c | 10 ++++++++--
 sys/netpfil/pf/pf.c        |  1 +
 sys/netpfil/pf/pf_ioctl.c  |  8 ++++++--
 4 files changed, 17 insertions(+), 4 deletions(-)

A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=f11b9574cd186762c4883e8819896c6475be3027

commit f11b9574cd186762c4883e8819896c6475be3027
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-03-10 21:56:11 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-03-19 22:42:27 +0000

    pf: Fully remove interrupt events on vnet cleanup

    swi_remove() removes the software interrupt handler but does not remove
    the associated interrupt event.
    This is visible when creating and removing a vnet jail in `procstat -t 12`.

    We can remove it manually with intr_event_destroy().

    PR: 254171
    MFC after: 1 week
    Differential Revision: https://reviews.freebsd.org/D29211

    (cherry picked from commit cecfaf9bede9665d6a10f1e575cd5d575450cff7)

 sys/net/pfvar.h            |  2 ++
 sys/netpfil/pf/if_pfsync.c | 10 ++++++++--
 sys/netpfil/pf/pf.c        |  1 +
 sys/netpfil/pf/pf_ioctl.c  |  9 ++++++---
 4 files changed, 17 insertions(+), 5 deletions(-)