Diagnosing kernel memory leak issues

Sometimes, despite minimal or very low traffic, the memory utilization of the FortiWeb remains relatively high, for example, reaching around 80%. This situation could indicate the presence of a potential kernel memory leak. Run cat /proc/meminfo in Shell. Check if the slab (memory consumed by the kernel) is exceptionally high (reaching values of 1 GB or even 10 GB).

The following is an example of the output of cat /proc/meminfo.

MemTotal: 16186144 kB

MemFree: 481784 kB

MemAvailable: 13119360 kB

Buffers: 1106296 kB

Cached: 1378200 kB

SwapCached: 0 kB

Active: 3015388 kB

Inactive: 1157396 kB

Active(anon): 1693084 kB

Inactive(anon): 71832 kB

Active(file): 1322304 kB

Inactive(file): 1085564 kB

Unevictable: 47960 kB

Mlocked: 47960 kB

SwapTotal: 0 kB

SwapFree: 0 kB

Dirty: 128 kB

Writeback: 0 kB

AnonPages: 1735972 kB

Mapped: 170672 kB

Shmem: 81160 kB

KReclaimable: 10399120 kB

Slab: 10623512 kB

SReclaimable: 10399120 kB

SUnreclaim: 224392 kB

KernelStack: 6496 kB

PageTables: 13568 kB

NFS_Unstable: 0 kB

Bounce: 0 kB

WritebackTmp: 0 kB

CommitLimit: 8093072 kB

Committed_AS: 5777048 kB

VmallocTotal: 34359738367 kB

VmallocUsed: 11028 kB

VmallocChunk: 0 kB

Percpu: 1984 kB

HugePages_Total: 0

HugePages_Free: 0

HugePages_Rsvd: 0

HugePages_Surp: 0

Hugepagesize: 2048 kB

Hugetlb: 0 kB

DirectMap4k: 88204 kB

DirectMap2M: 4022272 kB

DirectMap1G: 12582912 kB

In this case, it's recommended to run the following command to release cache every 45 minutes.

config system settings

set enable-cache-flush enable

end

• By default, enable-cache-flush is enabled on FortiWeb-VM and disabled on FortiWeb appliance.

• The system only logs the operations when the feature is enabled or disabled. No event log is recorded for each cache flush that occurs every 45 minutes.

• Even if the memory usage is not high, when enable-cache-flush is enabled, the cache is flushed every 45 minutes as per the configuration.