Is the PostgreSQL image broken?

I am using Docker Compose approach to run Greenbone Community Edition with the stock Docker Compose file as advertised in the documentation.

My workflow includes running the following on a weekly basis:

  1. docker compose pull to get the latest container images, especially for feeds, and
  2. docker compose up -d to update running containers with new images.

It has been running fine for the last 1.5 years.

I have encountered the first problem last week where all my scans were “interrupted at 100%”. The error was something related to sql_exec_internal.

I decided to pull latest container images and re-run containers with these images. I noticed that the logs are filled with following error (and cascading errors and warnings):

gvmd-1                 | md manage:WARNING:2024-12-31 00h25.27 utc:1143: sql_exec_internal: PQexec failed: ERROR:  could not load library "/usr/lib/postgresql/13/lib/llvmjit.so": /usr/lib/x86_64-linux-gnu/libLLVM-11.so.1: undefined symbol: _ZN4llvm18RgPressureTracker11closeBottomEv, version LLVM_11                                                                                                                                                                                                                                           
pg-gvm-1               | 2024-12-31 00:25:27.647 UTC [2957] gvmd@gvmd ERROR:  could not load library "/usr/lib/postgresql/13/lib/llvmjit.so": /usr/lib/x86_64-linux-gnu/libLLVM-11.so.1: undefined symbol: _ZN4llvm18RgPressureTracker11closeBottomEv, version LLVM_11     pg-gvm-1               | 2024-12-31 00:25:27.647 UTC [2957] gvmd@gvmd CONTEXT:  SQL function "report_severity_count" statement 1                                                                                                                                           

Is the pg-gvm image broken? Do we have any idea where I should look into?

I think that disabling jit in PostgreSQL configuration solves the problem, at least in my case.

I did the following to disable jit:

$ docker compose exec -i pg-gvm bash
$ cat /etc/postgresql/13/main/postgresql.conf  | grep jit
#jit_above_cost = 100000                # perform JIT compilation if available
#jit_inline_above_cost = 500000         # inline small functions if query is
#jit_optimize_above_cost = 500000       # use expensive JIT optimizations if
#jit = on                               # allow JIT compilation
#jit_provider = 'llvmjit'               # JIT library to use
$ cp /etc/postgresql/13/main/postgresql.conf /etc/postgresql/13/main/postgresql.conf.backup
$ sed -i "s/#jit = on/jit = off/g" /etc/postgresql/13/main/postgresql.conf
$ cat /etc/postgresql/13/main/postgresql.conf | grep jit
#jit_above_cost = 100000                # perform JIT compilation if available
#jit_inline_above_cost = 500000         # inline small functions if query is
#jit_optimize_above_cost = 500000       # use expensive JIT optimizations if
jit = off                               # allow JIT compilation
#jit_provider = 'llvmjit'               # JIT library to use

Then, I pulled all Docker images as per the Docker compose file and ran:

$ docker compose stop pg-gvm
$ docker compose up -d

All SecInfo feed updates were performed successfully. Also, I ran a scan task for testing purposes. It finished successfully, too.