Skip to main content
ssanga
Staff & Editor
ssanga
Staff & Editor
February 3, 2025

Technical Tip: CPU Utilization of 'cmdbsrv' daemon remains high for approximately 11 minutes after rebooting FortiGate

  • February 3, 2025
  • 0 replies
  • 3568 views
Description This article provides a solution for an issue where the 'cmdbsrv' daemon on FortiGate devices experiences high CPU utilization (85% to 90%) for approximately 11 minutes after a reboot leading to temporary performance issues.
Scope FortiGate v7.6.1.
Solution

After rebooting the FortiGate, the 'cmdbsrv' daemon exhibits high CPU utilization, typically between 85% and 90%, for about 11 minutes. Once this period elapses, the CPU utilization of the 'cmdbsrv' daemon returns to normal.

diagnose system top 2 50
10:53:26 AM up 0 days, 0 hours and 4 minutes
0U, 0N, 0S, 100I, 0WA, 0HI, 0SI, 0ST; 387709T, 361363F
cmdbsvr 9790 R 85.6 0.0 0


highcpu1.png

 

After 11 Minutes:


11:01:33 AM up 0 days, 0 hours and 12 minutes
0U, 0N, 0S, 100I, 0WA, 0HI, 0SI, 0ST; 387709T, 360582F
cmdbsvr 9790 S 0.1 0.0 0


cpunormal.png

 

This issue has been resolved in v7.6.3 (available in the support portal).

 

Another example is repeated and frequent CMDB_REQ_COMMIT requests that are related to the 'cmdbsvr' process. 

 

   diagnose debug reset

   diagnose debug cmdb-trace 1

   diagnose debug console timestamp enable

   diagnose debug enable

   diagnose sys top-mem 30

 

2025-04-24 10:05:26 cmdbsvr set_in_by_cmdbsvr

2025-04-24 10:05:26 cmdbsvr set_iprope

2025-04-24 10:05:28 cmdbsvr recv req_type=0(CMDB_REQ_COMMIT) from pid=18267(/bin/dhcpcd)

2025-04-24 10:05:28 [_svr_d_commit:2703] pid=18267, object='system.interface'

2025-04-24 10:05:28 cmdbsvr recv req_type=0(CMDB_REQ_COMMIT) from pid=18267(/bin/dhcpcd)

2025-04-24 10:05:28 [_svr_d_commit:2703] pid=18267, object='system.interface'

2025-04-24 10:05:28 cmdbsvr recv req_type=0(CMDB_REQ_COMMIT) from pid=18267(/bin/dhcpcd)

2025-04-24 10:05:28 [_svr_d_commit:2703] pid=18267, object='router.static'

2025-04-24 08:05:28 cmdbsvr starting: pid=18274, argc=1, argv[1]=''

2025-04-24 10:05:30 cmdbsvr set_iprope6

2025-04-24 10:05:32 cmdbsvr waiting for request...

2025-04-24 10:05:32 cmdbsvr set_in_by_cmdbsvr

2025-04-24 10:05:32 cmdbsvr set_iprope

2025-04-24 10:05:33 cmdbsvr recv req_type=0(CMDB_REQ_COMMIT) from pid=18277(/bin/dhcpcd)

2025-04-24 10:05:33 [_svr_d_commit:2703] pid=18277, object='system.interface'

2025-04-24 10:05:35 cmdbsvr recv req_type=0(CMDB_REQ_COMMIT) from pid=18277(/bin/dhcpcd)

2025-04-24 10:05:35 [_svr_d_commit:2703] pid=18277, object='system.interface'

2025-04-24 10:05:35 cmdbsvr recv req_type=0(CMDB_REQ_COMMIT) from pid=18277(/bin/dhcpcd)

2025-04-24 10:05:35 [_svr_d_commit:2703] pid=18277, object='router.static'

2025-04-24 08:05:35 cmdbsvr starting: pid=18284, argc=1, argv[1]=''

2025-04-24 10:05:38 cmdbsvr waiting for request...

2025-04-24 10:05:38 cmdbsvr set_in_by_cmdbsvr

2025-04-24 10:05:38 cmdbsvr set_iprope

2025-04-24 10:05:40 cmdbsvr recv req_type=0(CMDB_REQ_COMMIT) from pid=18286(/bin/dhcpcd)

2025-04-24 10:05:40 [_svr_d_commit:2703] pid=18286, object='system.interface'

2025-04-24 10:05:41 cmdbsvr set_iprope6

2025-04-24 10:05:52 cmdbsvr recv req_type=0(CMDB_REQ_COMMIT) from pid=18286(/bin/dhcpcd)

2025-04-24 10:05:52 [_svr_d_commit:2703] pid=18286, object='system.interface'

2025-04-24 10:05:52 cmdbsvr recv req_type=0(CMDB_REQ_COMMIT) from pid=18286(/bin/dhcpcd)

2025-04-24 10:05:52 [_svr_d_commit:2703] pid=18286, object='router.static'

2025-04-24 08:05:52 cmdbsvr starting: pid=18293, argc=1, argv[1]=''

2025-04-24 10:05:55 cmdbsvr waiting for request...

2025-04-24 10:05:56 cmdbsvr set_in_by_cmdbsvr

 

From the output above, frequent CMDB_REQ_COMMIT requests come from the dhcpcd process, specifically related to updates on system.interface, and router.static objects.

 

These commits happen every few seconds, triggering cmdbsvr to commit changes repeatedly.

Each new PID indicates a new dhcpcd process instance, suggesting it's being restarted repeatedly.

 

Solution:

Perform DHCP process debugs and check if there is any error showing in the process. 

 

diagnose debug disable 

diagnose debug application dhcpd -1

diagnose debug enable 

 

Keep the debugs running and disable the debugs from the following command:

 

diagnose debug disable

 

Kill the two top processes 'cmdbsvr' and 'dhcpd' using their process IDs, and then check the results on the CPU afterwards.

 

diagnose sys kill 11 77 <----- 77 is the process ID of dhcpd as seen from output diagnose sys top.

diagnose sys kill 11 24578 <----- 24578 is the pid of cmdbsvr.

 

Note: Killing the process with signal 11 will result in an entry being added to the crashlog file.

 

General debug information is required by FortiGate TAC for investigation.

 

  1. Debugs:


diagnose sys top 2 50
diagnose sys process pidof cmdbsvr
diagnose sys process trace <PID>
diagnose sys process dump <PID>
diagnose sys process pstack <PID>
diagnose sys process sock-mem <PID>

  1. TAC Report:


execute tac report

  1. Configuration file of the FortiGate.

 

Workaround:

To instantly remediate the high CPU utilization due to cmdbsvr, the process can be killed using the command below.

 

   fnsysctl killall cmdbsvr
    Terms & ConditionsAccessibility statement