Springbank CV

By kristof on Wed, 07/07/2010 - 17:13

Temperatures are soaring outside, not really the time for a dram. Or is it ? Some people drink whisky at any season, others prefer a warm fireplace while the rain is pouring outside. Count me in the last group. However, duty calls, so here's a new tasting note. Springbank is the oldest independent distillery in Scotland, and created in Campbeltown. From a traveller's perspective, visiting the Campbeltown area is a small nightmare. One has to make a long trek to the Southern tip of the Kintyre peninsula on the Western coast of Scotland to reach Springbank - or the nearby Glen Scotia distillery. Except for the distilleries, there's not much happening in Campbeltown. And even for the people that want to 'get away from it all' for a few days, Springbank is a fairly poor destination. It's one of the few distilleries that isn't surrounded by the lush Scottish countryside - located in the middle of a busy town.

Springbank CV is an unusual whisky, for several reasons : first, it’s not quite clear what ‘C.V.’ used to mean. Some say ‘Chairman’s Vat – or Vatting’, others ‘Curriculum Vitae’... It contains a blend of different single malts between the age of 8 and 30, therefore presenting a 'taste visiting card' of Springbank. Then, there’s been several versions, notably an earlier ‘white cap’ version that’s the one we’ll have right now, and then a more recent ‘gold cap’ version. Second, it has a quite complex tasting :

Color : *very* pale gold, almost white wine.
Smell: complex. Spirits and grain. Spicy. Adding drops of water emerges a burst of pepper. Is that fruit there hiding in the back ?
Taste : oily, malt and more spices. So much pepper, it makes my mouth tingle ! Tears in me eyes. Again some fruit (lemon ? Pear ?) hiding in the pepper cloud. Lots of other stuff too, like liquorice, peat and some bitterness but almost killed immediately by spice and pepper.

Aaa-choum ! Did I mention the pepper ? This could have been a balanced complex whisky, but unfortunately too spicy for me.

Kievit

By kristof on Wed, 06/30/2010 - 09:29

Deze kievit komt regelmatig in onze tuin op bezoek. Van ver lijkt hij op een zwart-witte duif met een uitgesproken kuifje. Bij het inzoomen echter blijkt dit vogeltje een mooi metalig grijs-groen vederkleed te hebben. Je treft hem aan in vochtige weilanden met kort gras, waar hij ook graag in nestelt. De kievit komt in het najaar in grote groepen samen om naar het warme zuiden te trekken, tijdens dewelke hij zwaar bedreigt wordt, gezien hij graag geschoten wordt, voornamelijk in Denemarken en Ierland. De naam is vernoemd naar zijn 'kievit'-achtige roep.

Face in space

By kristof on Wed, 06/30/2010 - 09:16

With flights STS-133 (launching at October 29th 2010) and STS-134 (Febrauary 29th 2011), the space Shuttle program will come to a halt. The program started in 1981, and was meant to provide a cost-saving alternative for the 'throw-away' Saturn rockets which were used in the 60ties and 70ties. The space shuttles Discovery and Endeavour will be the last shuttles going into space, delivering new scientific equipment to the International Space Station.

If you want to 'participate' in the last two shuttle missions, you can : through the Face in Space website, you can upload your picture, which will be taken on the shuttles, thereby be launched into orbit and "become a part of history".

Crash dump analysis on (Open)Solaris (mdb)

By kristof on Mon, 06/28/2010 - 07:53

We've tackled previously how to look at kernel dumps on HP-UX, let's have a look now how to perform them same on OpenSolaris. The kernel debugger is actually 'quite' user-friendly, and gives you mostly enough information how to handle a crash. If your Solaris is too stable to generate crashes, then use the 

savecore -L

command to generate one on the fly. This will generate a dump in /var/adm/crash. Let's have a look at it with mdb :

# mdb -k unix.0 vmcore.0 
Loading modules: [ unix krtld genunix specfs dtrace cpu.AuthenticAMD.15 uppc pcplusmp ufs ip sctp usba lofs zfs random ipc md fcip fctl fcp crypto logindmux ptm nfs ]
>

The ::status command will display high level information regarding this debugging session. This is mostly a one-liner, which reveals the reason of the crash. 

> ::status
debugging crash dump vmcore.0 (64-bit) from hostname
operating system: 5.11 snv_43 (i86pc)
panic message: BAD TRAP: type=e (#pf Page fault) rp=fffffe80000ad3d0 addr=0 occurred in module "unix" due to a NULL pointer dereference
dump content: kernel pages only

The ::stack command will prove you with a stack trace, this is the same thing trace you would have seen in syslog or the console.

> ::stack
atomic_add_32()
nfs_async_inactive+0x55(fffffe820d128b80, 0, ffffffffeff0ebcb)
nfs3_inactive+0x38b(fffffe820d128b80, 0)
fop_inactive+0x93(fffffe820d128b80, 0)
vn_rele+0x66(fffffe820d128b80)
snf_smap_desbfree+0x78(fffffe8185e2ff60)
dblk_lastfree_desb+0x25(fffffe817a30f8c0, ffffffffac1d7cc0)
dblk_decref+0x6b(fffffe817a30f8c0, ffffffffac1d7cc0)
freeb+0x89(fffffe817a30f8c0)
tcp_rput_data+0x215f(ffffffffb4af7140, fffffe812085d780, ffffffff993c3c00)
squeue_enter_chain+0x129(ffffffff993c3c00, fffffe812085d780, fffffe812085d780, 1, 1)
ip_input+0x810(ffffffffa23eec68, ffffffffaeab8040, fffffe812085d780, e)

The ::msgbuf command will output the message buffer at the time of crash; the message buffer is most commonly used by sysadmins through the "dmesg" command.

> ::msgbuf
MESSAGE                                                               
....
WARNING: IP: Hardware address '00:14:4f:xxxxxxx' trying to be our address xxxx
WARNING: IP: Hardware address '00:14:4f:xxxx' trying to be our address xxxx

panic[cpu0]/thread=fffffe80000adc80: 
BAD TRAP: type=e (#pf Page fault) rp=fffffe80000ad3d0 addr=0 occurred in module "unix" due to a NULL pointer dereference

sched: 
#pf Page fault
Bad kernel fault at addr=0x0

One of the coolest commands is the cpuinfo -v command, which will show more information about the running processes at the time of the crash, including some nicely ascii-art style formatting :

>  ::cpuinfo -v
 ID ADDR             FLG NRUN BSPL PRI RNRN KRNRN SWITCH THREAD           PROC
  1 ffffffff983b3800  1f    1    0  59  yes    no t-0    fffffe80daac2f20 smtpd
                       |    |
            RUNNING   PRI THREAD           PROC
              READY                99 fffffe8000bacc80 sched
           QUIESCED
             EXISTS
             ENABLE

Other interesting commands are the ::ps (info about running processes), and ::panicinfo, which will reveal thread information, which you can further investigate with the ::walkthread option.

In a following article, I'll write about the Solaris Core Analyzer, which is a Q4 comparabe tool on Solaris to walk through kernel dumps.

Crash dump analysis on HP-UX

By kristof on Fri, 06/25/2010 - 13:54

A crashing Unix server should be a seldom event, which means that postmortem investigation is something you will rarely do. Kernel debuggers are not much fun, and require you basically to have a good knowledge about the kernel internals. Not too difficult if you're a guru in a specific Unix flavour, but if you're housing 3 Unices, each with different kernel versions, then you're into a whole different game ! Luckily, there are admin-friendly scripts nowadays which help you with the task of digging out why your machine crashed.

Let's have a look at HP-UX : this features the adb kernel debugger, but also the Q4 package. This will generally be default installed in the /usr/contrib/Q4 directory. Before first use, you need to copy the initializing script to your homedir : 

cp /usr/contrib/Q4/lib/q4lib/sample.q4rc.pl /root/.q4rc.pl

Then you're ready to start up the tool itself :

# q4 -p

HP KWDB 3.2.3 for HP Itanium (32 or 64 bit) and target HP-IPF 11.2x.
Copyright 1986 - 2001 Free Software Foundation, Inc.
Hewlett-Packard KWDB 3.2.3 12-May-2009 21:15 is covered by the
GNU General Public License. Type "show copying" to see the conditions to
change it and/or distribute copies. Type "show warranty" for warranty/support.
..
crashdump information:
  hostname  anduril
  model     ia64 hp server Integrity Virtual Machine
  panic     gexcp_hndlr: Unresolved priv 0 interruption.
  release   @(#) $Revision: vmunix:    B.11.31_LR FLAVOR=perf 
  dumptime  1277458512 Fri Jun  25 11:35:12 METDST 2010
  savetime  1277459539 Fri Jun  25 11:52:19 METDST 2010
  dumptype  Non Compressed 

Event selected is 0. It was a panic
#0  0xe000000001da26c0:0 in panic_save_regs_switchstack+0x110
    (0x4000000000000692, 0xe000000001d9d640, 0x144000206c61009f

The Q4 package contains lots of scripts which can be used for providing you with extra information. The most interesting ones are analyze.pl and whathappened.pl. Beware that these scripts can barf out loads of output ! (you can always redirect the output to a file, as if you were on the command prompt)

q4> include analyze.pl
q4> include whathappened.pl
q4> run Analyze AMUP
...
q4> run WhatHappened
System Name:    HP-UX
Node Name:      anduril
Release:        B.11.31
Version:        U
Model:          no
Machine ID:     123456789
Processors:     1
Architecture:   IA-64
Physical Mem:   1571536 pages

This is a 64 Bit Kernel
The system had been up for 44.12 days (381190776 ticks).
Load averages: 0.76 0.77 0.48.

System went down at: Fri Jun 25 11:35:12 2010

+--------------------------------------------+
| Message Buffer                             |
+--------------------------------------------+
Found adjacent data tr. Growing size.  0x240d000 -> 0x640d000.
Loaded ACPI revision 2.0 tables.
MMIO on this platform supports Write Coalescing.
...
gexcp_hndlr: Reserved Register/Field or Unimplemented Address fault occurs in kernel mode.
gexcp_hndlr: unimplemented data address fault, ISR.ir = 0,
      data memory reference to unimplemented address
******************************************************************************

reg_dump(): Displaying register values (in hex) from the save state at
  ssp  87ffffff_5ffe7200 return_status/reason/flags  0000/0054/00000001

Interruption type: Unimplemented Data Address Fault
panic: gexcp_hndlr: Unresolved priv 0 interruption.

Stack Trace:
  IP                  Function Name
  0xe000000001dea710  gexcp_hndlr+0x2d0
  0xe000000001c0a780  bubbledown+0x0
  0xe000000000afed90  kmem_lpc_alloc+0x2b0
  0xe000000000d6ead0  get_kmem+0x290
  0xe000000000d66070  kmem_arena_xlarge_alloc+0x2f0
  0xe000000000c24e90  kmem_arena_varalloc+0x2d0
  0xe000000000df31c0  vfork_buffer_init+0xb0
  0xe000000000d0b7c0  newproc+0x11f0
  0xe000000000a12930  vfork+0x1440
  0xe000000000c261a0  syscall+0x560
End of Stack Trace

It's not always guaranteed that you'll find an exact reason why the machine crashed (especially if it's really kernel related), but at least it can give you a rough idea what happened.

Anonymous Fri, 08/13/2010 - 14:50

Just wanted to point out that the command which is being run is actually `kwdb` (it is shown in the output). So the old `q4` simply runs kwdb:

# ll /usr/contrib/Q4/bin/q4
lrwxrwxrwx 1 bin bin 26 Jul 15 14:49 /usr/contrib/Q4/bin/q4 -> /usr/contrib/kwdb/bin/kwdb

`kwdb` combines some of the features of `wdb` (essentially GNU gdb modified by HP) with the old `q4` commands, together to make a full-featured kernel debugger. `kwdb` also supports Perl scripting.

Also, starting at version 11.31, HP added `livedump` which makes it possible to produce a full memory dump without actually panicing the system. And see the " /opt/sfm/tools/ " directory for `crashinfo` -- a live kernel stack trace tool, as well as `pstack`, its userspace counterpart, both included in 11.31. These tools provide a more convenient way to see what is happening in a live kernel.

Subscribe to