FortiGate
SAJUDIYA
Staff
Article Id 399704
Description

This article discusses high CPU utilization by softirq on one CPU core after upgrading to one of the following versions:

v7.0.16, v7.0.17, v7.2.11, v7.4.6 or v7.4.7.

NP6xLite (SOC4), NP6Lite (SOC3), and NP7Lite (SOC5) are affected by this issue that causes high softirq on a particular core.

Scope

FortiGate v7.0, v7.2, v7.4.

Solution

To identify the issue, check direct console access for the output below:

NP6XLITE: __np6xlite_tunmgr_write:70 timeout
NP6XLITE: __np6xlite_tunmgr_write:70 timeout
NP6XLITE: __np6xlite_tunmgr_write:70 timeout


From the CLI, the output shows one of the CPU cores at around 100% softirq while the others appear normal, as below:

get system performance status


CPU states: 2% user 23% system 0% nice 25% idle 0% iowait 0% irq 50% softirq
CPU0 states: 7% user 91% system 0% nice 2% idle 0% iowait 0% irq 0% softirq
CPU1 states: 0% user 0% system 0% nice 0% idle 0% iowait 0% irq 100% softirq
CPU2 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU3 states: 0% user 0% system 0% nice 0% idle 0% iowait 0% irq 100% softirq
Memory: 1964180k total, 1155460k used (58.8%), 517280k free (26.3%), 291440k freeable (14.8%)
Average network usage: 492 / 35 kbps in 1 minute, 687 / 573 kbps in 10 minutes, 576 / 506 kbps in 30 minutes
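
The two symptoms above can be checked together in a script. The following is an added example, not Fortinet code: it parses saved `get system performance status` output and a saved console capture, then reports which cores are pinned in softirq and whether the tunmgr timeout message is present. The function names, the 95% threshold and the sample inputs (constructed from the output shown in this article) are assumptions, and only the NP6XLITE message shown above is matched.

```python
import re

# Constructed sample input, modelled on the output shown in this article.
PERF_STATUS = """\
CPU states: 2% user 23% system 0% nice 25% idle 0% iowait 0% irq 50% softirq
CPU0 states: 7% user 91% system 0% nice 2% idle 0% iowait 0% irq 0% softirq
CPU1 states: 0% user 0% system 0% nice 0% idle 0% iowait 0% irq 100% softirq
CPU2 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU3 states: 0% user 0% system 0% nice 0% idle 0% iowait 0% irq 100% softirq
"""
CONSOLE_LOG = """\
NP6XLITE: __np6xlite_tunmgr_write:70 timeout
NP6XLITE: __np6xlite_tunmgr_write:70 timeout
"""

# Per-core lines only; the aggregate "CPU states:" line has no core number.
CORE_RE = re.compile(r"^CPU(\d+) states:(.*)$", re.M)
FIELD_RE = re.compile(r"(\d+)% (\w+)")
TIMEOUT_RE = re.compile(r"^NP6XLITE: __np6xlite_tunmgr_write:\d+ timeout[ \t\r]*$", re.M)

def parse_cores(text):
    """Return {core_index: {state_name: percent}} for each 'CPUn states:' line."""
    cores = {}
    for m in CORE_RE.finditer(text):
        cores[int(m.group(1))] = {name: int(pct) for pct, name in FIELD_RE.findall(m.group(2))}
    return cores

def pinned_softirq_cores(cores, threshold=95):
    """Core indexes whose softirq share is at or above the (assumed) threshold."""
    return sorted(i for i, s in cores.items() if s.get("softirq", 0) >= threshold)

def assess(perf_text, console_text, threshold=95):
    cores = parse_cores(perf_text)
    pinned = pinned_softirq_cores(cores, threshold)
    timeouts = len(TIMEOUT_RE.findall(console_text))
    return {
        "pinned_cores": pinned,
        "timeouts": timeouts,
        # Both symptoms together match this article; either one alone needs
        # further investigation before applying the workaround.
        "matches": bool(pinned) and len(pinned) < len(cores) and timeouts > 0,
    }

if __name__ == "__main__":
    print(assess(PERF_STATUS, CONSOLE_LOG))
```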


A workaround to resolve this issue is to disable NPU offloading on the IPsec VPN tunnel:

config vpn ipsec phase1-interface
    edit <Phase1 Name>
        set npu-offload disable
    next
end

This issue is permanently fixed in v7.2.12, v7.4.8, v7.6.4, and v8.0.0.
