Gvmd stuck at "Reloading NVTs" process "Updating NVT cache" never ends

gvmd stuck forever reloading NVTs. Process “Updating NVT cache” is started, but seems to do nothing. Whole thing keeps it this way until infinite (process running now for more than three days).

  1283 ?        SLs    0:02 gvmd: Waiting for incoming connections
  1301 ?        S      0:00  \_ gvmd: Reloading NVTs
  1303 ?        S      0:00      \_ gvmd: Updating NVT cache

node: v10.12.0

redis-server: Redis server v=5.0.0 sha=00000000:0 malloc=jemalloc-3.6.0 bits=64 build=faf382d3bcf11653

gvmd: Greenbone Vulnerability Manager 8.0+beta1
GIT revision 9cd8a681-master
Manager DB revision 195
Copyright (C) 2010-2017 Greenbone Networks GmbH
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

openvassd: OpenVAS Scanner 6.0+beta2
GIT revision f38dd08-master
Most new code since 2005: (C) 2018 Greenbone Networks GmbH
Nessus origin: (C) 2004 Renaud Deraison <deraison@nessus.org>
License GPLv2: GNU GPL version 2
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Oops, secure memory pool already initialized
gsad: Greenbone Security Assistant 8.0+beta2
GIT revision ef205192b-master
Copyright (C) 2010-2016 Greenbone Networks GmbH
License GPLv2+: GNU GPL version 2 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Make sure that your redis setup is sufficient like described in Hint: Redis setup / configuration for GSE/GVM/OpenVAS.

For productive environments its also strongly suggested use the GVM-9 (stable, initial release 2017-03-07) releases instead of beta releases which might not work as expected yet. Especially as the latest beta release is already half an year old.

Such beta releases should be used only if you want to spent time on your own to debug issues or similar.

2 Likes
gsa                                       v8.0+beta1-2315-gf2d9c7b94
gvm                                       v8.0+beta1-295-ga391a35e
gvm-libs                                  v1.0+beta1-78-gc939d92e
gvm-tools                                 v1.4.1-239-gbb98ebd
openvas-scanner                           v6.0+beta1-319-ge0d8148
openvas-smb                               v1.0.4-2-g564d5a0
ospd                                      v1.3.0-140-gca45bbe
ospd-debsecan                             f46c3aa
ospd-ikeprobe                             66b1eb1
ospd-ikescan                              5f2553b
ospd-netstat                              4f0f578
ospd-nmap                                 71248b4
ospd-nmap-nse                             01afe7f
ospd-openvas                              9b96df9

redis has one socket open:

redis-ser    584   586            redis    6u     unix 0x00000000c71e3b06       0t0      18365 /var/run/redis/redis-server.sock type=STREAM
redis-ser    584   586            redis    7u     unix 0x00000000a1a5a208       0t0     609565 /var/run/redis/redis-server.sock type=STREAM

gvmd, gsad, openvassd all started and running, as is redis:

   584 ?        Ssl   14:48 /usr/bin/redis-server 127.0.0.1:0
 42356 ?        SLsl   0:02 /usr/local/sbin/gsad --foreground
 42360 ?        Sl     0:00  \_ /usr/local/sbin/gsad --foreground
 42357 ?        SLs    0:01 /usr/local/sbin/openvassd --foreground
 42358 ?        SLs    0:03 gvmd: Waiting for incoming connections
 42380 ?        S      0:00  \_ gvmd: Reloading NVTs
 42381 ?        S      0:00      \_ gvmd: Updating NVT cache

Logs hold
gsad.log:

gsad main:MESSAGE:2018-11-05 09h36.35 utc:39796: Starting GSAD version 8.0+beta2 (GIT revision f2d9c7b94-master)
gsad  gmp:MESSAGE:2018-11-05 09h42.43 utc:39796: Authentication success for 'sct-muc' from 172.18.8.187
gsad  gmp:MESSAGE:2018-11-05 10h14.59 UTC:39796: Authentication success for 'sct-muc' from 172.18.8.187
gsad main:MESSAGE:2018-11-05 11h48.42 utc:42356: Starting GSAD version 8.0+beta2 (GIT revision f2d9c7b94-master)
gsad  gmp:MESSAGE:2018-11-05 11h51.13 utc:42356: Authentication success for 'sct-muc' from 172.18.8.187

gvmd.log:

md manage:   INFO:2018-11-05 09h53.55 utc:39819: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2008.xml
md manage:   INFO:2018-11-05 09h54.00 utc:39819: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2009.xml
md manage:   INFO:2018-11-05 09h54.02 utc:39819: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2010.xml
md manage:   INFO:2018-11-05 09h54.06 utc:39819: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2011.xml
md manage:   INFO:2018-11-05 09h54.17 utc:39819: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2012.xml
md manage:   INFO:2018-11-05 09h54.25 utc:39819: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2013.xml
md manage:   INFO:2018-11-05 09h54.33 utc:39819: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2014.xml
md manage:   INFO:2018-11-05 09h54.39 utc:39819: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2015.xml
md manage:   INFO:2018-11-05 09h54.46 utc:39819: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2016.xml
md manage:   INFO:2018-11-05 09h55.05 utc:39819: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2017.xml
md manage:   INFO:2018-11-05 09h56.04 utc:39819: Updating /usr/local/var/lib/gvm/scap-data/nvdcve-2.0-2018.xml
md manage:   INFO:2018-11-05 09h56.23 utc:39819: Updating OVAL data
md manage:   INFO:2018-11-05 10h02.05 utc:39819: Skipping /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/c/oval.xml, file is older than last revision (this is not an error)
md manage:   INFO:2018-11-05 10h02.05 utc:39819: Skipping /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/m/oval.xml, file is older than last revision (this is not an error)
md manage:   INFO:2018-11-05 10h02.05 utc:39819: Skipping /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/v/family/ios.xml, file is older than last revision (this is not an error)
md manage:   INFO:2018-11-05 10h02.05 utc:39819: Skipping /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/v/family/pixos.xml, file is older than last revision (this is not an error)
md manage:   INFO:2018-11-05 10h02.05 utc:39819: Skipping /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/p/oval.xml, file is older than last revision (this is not an error)
md manage:   INFO:2018-11-05 10h02.05 utc:39819: Skipping /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/i/oval.xml, file is older than last revision (this is not an error)
md manage:   INFO:2018-11-05 10h02.05 utc:39819: Skipping /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/v/family/macos.xml, file is older than last revision (this is not an error)
md manage:   INFO:2018-11-05 10h02.05 utc:39819: Skipping /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/v/family/unix.xml, file is older than last revision (this is not an error)
md manage:   INFO:2018-11-05 10h02.05 utc:39819: Skipping /usr/local/var/lib/gvm/scap-data/oval/5.10/org.mitre.oval/v/family/windows.xml, file is older than last revision (this is not an error)
md manage:   INFO:2018-11-05 10h02.05 utc:39819: Updating user OVAL definitions.
md manage:   INFO:2018-11-05 10h02.05 utc:39819: Updating CVSS scores and CVE counts for CPEs
md manage:   INFO:2018-11-05 10h04.52 utc:39819: Updating CVSS scores for OVAL definitions
md manage:   INFO:2018-11-05 10h04.53 utc:39819: Updating placeholder CPEs
md manage:   INFO:2018-11-05 10h04.59 utc:39819: sync_scap: Updating SCAP info succeeded
event task:MESSAGE:2018-11-05 10h15.47 UTC:40620: Task nc158-muc (LAN) (0df53fe7-027c-4869-b3f0-1f978af7d025) could not be started by user
event task:MESSAGE:2018-11-05 10h15.59 UTC:40629: Task nc158-muc (LOC) (ccc77ac0-a900-46bc-a776-3194386aba18) could not be started by user
md   main:WARNING:2018-11-05 11h48.34 utc:39820: openvas_scanner_read: Failed to read from scanner: Connection reset by peer
md   main:MESSAGE:2018-11-05 11h48.42 utc:42358:    Greenbone Vulnerability Manager version 8.0+beta1 (GIT revision a391a35e-master) (DB revision 195)
md manage:WARNING:2018-11-05 11h48.43 utc:42358: database must be initialised from scanner
util gpgme:MESSAGE:2018-11-05 11h48.43 utc:42358: Setting GnuPG dir to '/usr/local/var/lib/gvm/gvmd/gnupg'
util gpgme:MESSAGE:2018-11-05 11h48.44 utc:42358: Using OpenPGP engine version '2.2.10'
event task:MESSAGE:2018-11-05 11h51.25 UTC:42503: Task nc158-muc (LAN) (0df53fe7-027c-4869-b3f0-1f978af7d025) could not be started by user
event task:MESSAGE:2018-11-05 11h51.35 UTC:42509: Task nc158-muc (LOC) (ccc77ac0-a900-46bc-a776-3194386aba18) could not be started by user

The main interesting messages are:

md   main:WARNING:2018-11-05 11h48.34 utc:39820: openvas_scanner_read: Failed to read from scanner: Connection reset by peer
md   main:MESSAGE:2018-11-05 11h48.42 utc:42358:    Greenbone Vulnerability Manager version 8.0+beta1 (GIT revision a391a35e-master) (DB revision 195)
md manage:WARNING:2018-11-05 11h48.43 utc:42358: database must be initialised from scanner
util gpgme:MESSAGE:2018-11-05 11h48.43 utc:42358: Setting GnuPG dir to '/usr/local/var/lib/gvm/gvmd/gnupg'

The scanner socet is created:

-rw-r--r-- 1 root root    6 Nov  5 12:48 gsad.pid
-rw------- 1 root root    6 Nov  5 12:48 gvmd.pid
srw-rw---- 1 root root    0 Nov  5 12:48 gvmd.sock=
-rw------- 1 root root    0 Oct 31 11:45 gvm-checking
-rw------- 1 root root    0 Oct 31 11:45 gvm-create-functions
-rw------- 1 root root    0 Oct 31 11:45 gvm-helping
-rw------- 1 root root    0 Oct 31 11:45 gvm-migrating
-rw------- 1 root root    0 Oct 31 11:45 gvm-serving
srw-rw---- 1 root root    0 Nov  5 12:48 openvassd.sock=

Redis servers socket:

-rw-rw----  1 redis redis   4 Oct 31 16:03 redis-server.pid
srwx------  1 redis redis   0 Oct 31 16:03 redis-server.sock=

Rights might not be what I’d would expect, but since openvassd, gvmd, gsad all run as root this does not matter …!

It is difficult without knowing you exact environment to debug a BETA Version. Please check this with a release first before posting endless debug information here. If it works with the release and you are not familiar with GDB i would suggest to stay away from non releases.