When trying to perform a configuration change, CMDB-related errors could appear, such as 'CMDB add entry failed', or  'CMDB command timeout'. it is most likely the result of the wrong upgrade path followed. 

It is always recommended to follow the upgrade path according to the upgrade path tool: https://docs.fortinet.com/upgrade-tool

When a user looks into the CLI by running this command:

diagnose sys flash list

Two boot partitions will be visible inside the grub configuration: active and backup. It is to be observed that the primary boot partition should have the current firmware version loaded; if not, that means the image got corrupted.

Here is a solution to fix this:

Try to kill the process that's locking the CMDB Database. To do that, run the command:

get sys cmdb status

diagnose sys cmdb info

Pay attention to the value of 'owner id'. Execute the following command:

diagnose sys kill 11 <PID>  <----- Replace <PID> with the value of 'owner id': from the previous command.

If the problem persists, the FortiGate should be rebooted.

If the issue persists after the reboot, capture the following diagnostic commands and open a new TAC ticket:

diagnose sys flash list
fnsysctl ps
get sys cmdb status
diagnose sys process nameof <PID>
diagnose sys kill 11 <PID>
get sys cmdb status
diagnose debug cmdb-trace 1
diagnose debug enable

Perform the configuration change until the error appears, and then stop the debug by executing the following commands:

diagnose debug disable
diagnose debug reset

The final option is to flash format FortiGate using the following KB article: Technical Tip: Formatting and loading FortiGate firmware image using TFTP