drgn (pronounced "dragon") is a debugger with an emphasis on programmability. drgn exposes the types and variables in a program for easy, expressive scripting in Python. For example, you can debug the Linux kernel:
>>> from drgn.helpers.linux import list_for_each_entry
>>> for mod in list_for_each_entry('struct module',
... prog['modules'].address_of_(),
... 'list'):
... if mod.refcnt.counter > 10:
... print(mod.name)
...
(char [56])"snd"
(char [56])"evdev"
(char [56])"i915"
Although other debuggers like GDB have scripting support, drgn aims to make scripting as natural as possible so that debugging feels like coding. This makes it well-suited for introspecting the complex, inter-connected state in large programs. It is also designed as a library that can be used to build debugging and introspection tools; see the official tools.
drgn was developed at Meta for debugging the Linux kernel (as an alternative to the crash utility), but it can also debug userspace programs written in C. C++ support is in progress.
Documentation can be found at drgn.readthedocs.io.
drgn can be installed using the package manager on some Linux distributions.
Fedora >= 32
$ sudo dnf install drgn
RHEL/CentOS >= 8
Enable EPEL. Then:
$ sudo dnf install drgn
Arch Linux
openSUSE
$ sudo zypper install python3-drgn
If your Linux distribution doesn't package the latest release of drgn, you can install it with pip.
First, install pip. Then, run:
$ sudo pip3 install drgn
This will install a binary wheel by default. If you get a build error, then pip wasn't able to use the binary wheel. Install the dependencies listed below and try again.
Note that RHEL/CentOS 6, Debian Stretch, Ubuntu Trusty, and Ubuntu Xenial (and older) ship Python versions which are too old. Python 3.6 or newer must be installed.
To get the development version of drgn, you will need to build it from source. First, install dependencies:
Fedora/RHEL/CentOS
$ sudo dnf install autoconf automake elfutils-devel gcc git libtool make pkgconf python3 python3-devel python3-pip python3-setuptools
Replace
dnf
withyum
for RHEL/CentOS < 8.Debian/Ubuntu
$ sudo apt-get install autoconf automake gcc git liblzma-dev libelf-dev libdw-dev libtool make pkgconf python3 python3-dev python3-pip python3-setuptools zlib1g-dev
Arch Linux
$ sudo pacman -S --needed autoconf automake gcc git libelf libtool make pkgconf python python-pip python-setuptools
Optionally, install libkdumpfile if you want support for the makedumpfile compressed kernel core dump format.
libkdumpfile
is currently only packaged on Fedora and EPEL. For other distributions, you must install it manually.openSUSE
$ sudo zypper install autoconf automake gcc git libdw-devel libelf-devel libkdumpfile-devel libtool make pkgconf python3 python3-devel python3-pip python3-setuptools
Then, run:
$ git clone https://github.com/osandov/drgn.git
$ cd drgn
$ python3 setup.py build
$ sudo python3 setup.py install
See the installation documentation for more options.
drgn debugs the running kernel by default; run sudo drgn
. To debug a
running program, run sudo drgn -p $PID
. To debug a core dump (either a
kernel vmcore or a userspace core dump), run drgn -c $PATH
. Make sure to
install debugging symbols for
whatever you are debugging.
Then, you can access variables in the program with prog['name']
and access
structure members with .
:
$ sudo drgn
>>> prog['init_task'].comm
(char [16])"swapper/0"
You can use various predefined helpers:
>>> len(list(bpf_prog_for_each(prog)))
11
>>> task = find_task(prog, 115)
>>> cmdline(task)
[b'findmnt', b'-p']
You can get stack traces with prog.stack_trace()
and access parameters or
local variables with stack_trace['name']
:
>>> trace = prog.stack_trace(task)
>>> trace[5]
#5 at 0xffffffff8a5a32d0 (do_sys_poll+0x400/0x578) in do_poll at ./fs/select.c:961:8 (inlined)
>>> poll_list = trace[5]['list']
>>> file = fget(task, poll_list.entries[0].fd)
>>> d_path(file.f_path.address_of_())
b'/proc/115/mountinfo'
See the user guide for more details and features.
Copyright (c) Meta Platforms, Inc. and affiliates.
drgn is licensed under the GPLv3 or later.