Controller disruption might occur after enabling Autonomous Ransomware Protection feature

Applies to

• ONTAP 9
• Autonomous Ransomwware Protection
• Anti-ransomware monitoring
• Memory leak 

Issue

• After enabling anti-ransomware monitoring,  the controller might experience a panic reboot similar to the following:

Sat Jul 22 08:35:26 +0000 [cluster01: nodewatchdog: sk.panic:alert]: Panic String: Process mgwd unresponsive for 1031 seconds (mgwd startup: "mpd mod background init(13275)") in process nodewatchdog on release 9.12.1P2 (C)
Sun Jul 23 04:57:37 +0000 [cluster01: nodewatchdog: sk.panic:alert]: Panic String: Process mgwd unresponsive for 201 seconds (mgwd startup: "(5611)") in process nodewatchdog on release 9.12.1P2 (C)
Sun Jul 23 22:45:52 +0000 [cluster01: mgwd: ucore.panicString:error]: 'mgwd: Received SIGABRT (Signal 6) at RIP 0x81b5273fc (pid 5619, uid 0, timestamp 1690152352).'
Sun Jul 23 22:54:49 +0000 [cluster01: mgwd: ucore.panicString:error]: 'mgwd: Received SIGABRT (Signal 6) at RIP 0x80045b929 (pid 69273, uid 0, timestamp 1690152889).'
Sun Jul 23 22:57:32 +0000 [cluster01: nodewatchdog: sk.panic:alert]: Panic String: Process mgwd unresponsive for 927 seconds (mgwd startup: "(5619)") in process nodewatchdog on release 9.12.1P2 (C)

• In a workload involving large number of file creates and deletes, and/or many terabytes of high-entropy data operations,  a memory leak issue can be experienced when one or more volumes have anti-ransomware monitoring in 'enabled' state
• This memory leak does not occur if the volume is in anti-ransomware monitoring learning (dry-run), paused, or disabled state
• A very small amount of memory gets leaked when anti-ransomware monitoring tries to detect the potential ransomware pattern 
• The total amount of memory leaked over time can result in system panic with a panic string "Process mgwd unresponsive for xxx seconds"