drgn 0.0.33

New Features

Numerous Linux kernel memory management-related helpers were added:

• nr_blockdev_pages() was added to drgn.helpers.linux.block. It returns the amount of memory used for block device buffers.
• A new drgn.helpers.linux.hugetlb helper module was added.
  • for_each_hstate() iterates over all HugeTLB page sizes.
  • huge_page_size() returns the size of a HugeTLB state.
  • hugetlb_total_pages() returns the total number of HugeTLB pages.
  • hugetlb_total_usage() returns global HugeTLB usage information.
• A new drgn.helpers.linux.swap helper module was added.
  • for_each_swap_info() iterates over all swap devices.
  • swap_file_path() returns the path of a swap device.
  • swap_is_file() returns whether a swap device is a regular file.
  • swap_usage_in_pages() returns the number of pages currently used on a given swap device.
  • swap_total_usage() returns global swap usage information.
  • total_swapcache_pages() returns the number of swap cached pages.
• slab_cache_objects_per_slab(), slab_cache_pages_per_slab(), and slab_cache_order() were added to drgn.helpers.linux.slab. They return information about the layout of slab allocations.
• slab_cache_usage() was added to drgn.helpers.linux.slab. It returns statistics on how many objects and slabs are allocated for a slab cache.
• slab_total_usage() was added to drgn.helpers.linux.slab. It returns the total amount of memory used by the slab allocator.
• for_each_valid_page_range() and for_each_valid_pfn_and_page() were added to drgn.helpers.linux.mm. They iterate over all valid pages.
• task_rss() was added to drgn.helpers.linux.mm. It returns a task's resident set size. Contributed by Yassine Larhrissi.
• vm_commit_limit() and vm_memory_committed() were added to drgn.helpers.linux.mm. They return virtual memory overcommit information.
• decode_page_flags_value() was added to drgn.helpers.linux.mm. It is like decode_page_flags() but takes the flags value instead of the page.
• Helpers for accessing common struct page fields regardless of kernel version were added to drgn.helpers.linux.mm.
  • page_flags() returns a page's flags. Contributed by Ye Liu.
  • page_index() returns a page's offset in its containing mapping.
• Memory hotplug-related helpers were added to drgn.helpers.linux.mm.
  • for_each_memory_block() iterates over all memory hotplug blocks.
  • decode_memory_block_state() gets the state of a memory hotplug block.
  • memory_block_size_bytes() returns the size of a memory hotplug block.
• A new drgn.helpers.linux.mmzone helper module was added.
  • NODE_DATA() gets the NUMA node memory layout data of a given node.
  • for_each_online_pgdat() iterates over the NUMA node data for each online node.
  • nr_to_section(), pfn_to_section_nr(), section_nr_to_pfn(), pfn_to_section(), section_mem_map_addr(), section_decode_mem_map() and for_each_present_section() look up SPARSEMEM sections.
  • present_section{,_nr}(), valid_section{,_nr}(), online_section{,_nr}(), early_section{,_nr}(), and decode_section_flags() check SPARSEMEM section flags.
  • {min_,low_,high_,}wmark_pages() get memory reclaim watermarks.
• A new drgn.helpers.linux.vmstat helper module was added.
  • global_node_page_state(), zone_page_state(), global_zone_page_state(), nr_free_pages(), global_numa_event_state(), and global_vm_event_state() return various VM statistic counters.
• identify_address_all() was added to drgn.helpers.common.memory. It is a programmatic variant of identify_address() that can return multiple matches and returns matches as objects with additional attributes instead of strings.
• set_bit() and clear_bit() were added to drgn.helpers.experimental.kmodify. They atomically set or clear a bit in kernel memory, respectively.

Many other helpers were also added.

• dev_name() was added to drgn.helpers.linux.device. It returns the name of a device.
• super_block_for_each_mount() was added to drgn.helpers.linux.fs. It iterates over all mounts of a super block (filesystem).
• bus_to_subsys() and class_to_subsys() were added to drgn.helpers.linux.device. They get the private data for a device bus or class, respectively.
• bus_for_each_dev() and class_for_each_device() were added to drgn.helpers.linux.device. They iterate over all devices on a given bus or of a given class, respectively.
• module_kallsyms() was added to drgn.helpers.linux.kallsyms. It returns a list of symbols for a given module from its kallsyms data. Originally contributed by Stephen Brennan.
• kernfs_children() was added to drgn.helpers.linux.kernfs. It returns the children of a kernfs directory. Contributed by Joanne Koong.
• validate_list_count_nodes() was added to drgn.helpers.linux.list. It returns the length of a Linux kernel list while validating it.
• nr_node_ids() was added to drgn.helpers.linux.nodemask. It returns the upper bound on NUMA node ID numbers.
• A new drgn.helpers.linux.panic helper module was added.
  • panic_task() returns the struct task_struct * that caused a crash.
  • panic_message() returns the message logged during a panic.
  • tainted() gets the kernel's taint flags as a string.
• module_taints() was added to drgn.helpers.linux.module. It returns a kernel module's taint flags as a string.
• percpu_counter_sum_positive() was added to drgn.helpers.linux.percpu. It returns the sum of a per-CPU counter, or 0 if it is negative.
• for_each_task_in_group() was added to drgn.helpers.linux.pid. It iterates over the threads of a process. Contributed by Stephen Brennan.
• rbtree_preorder_for_each{,_entry}() were added to drgn.helpers.linux.rbtree. These do a pre-order traversal instead of the in-order traversal that rbtree_inorder_for_each{,_entry()} do.
• Runqueue-related helpers were added to drgn.helpers.linux.sched. Contributed by Richard Li.
  • cpu_rq() gets the runqueue for a given CPU.
  • task_rq() gets the runqueue that a given task is on.
  • task_since_last_arrival_ns() returns approximately how long a task has been in its current running status.
• get_task_state() was added to drgn.helpers.linux.sched. It returns a human-readable description of a task's state ("R (running)", "S (sleeping)", etc.).
• task_on_cpu() was added to drgn.helpers.linux.sched. It returns whether a given task is currently running.
• double_quote_ascii_string() was added to drgn.helpers.common.format. It formats a byte string as a double-quoted string literal.
• typeof_member() was added to drgn.helpers.common.type. It returns the type of a given member in another type.

Several helpers were extended.

• drgn.helpers.common.memory.identify_address() (and the new identify_address_all()) now recognizes page and task addresses. It also now recognizes stack addresses on kernels configured without CONFIG_VMAP_STACK.
• drgn.helpers.linux.slab.slab_object_info() and drgn.helpers.common.memory.identify_address() now return as much information as possible for the SLOB allocator instead of always returning None.
• drgn.helpers.linux.printk.{get,print}_dmesg() now take a timestamps parameter controlling how timestamps are formatted. Contributed by Yassine Larhrissi.
• drgn.helpers.linux.kernfs.kernfs_walk() can now follow symlinks. Contributed by Joanne Koong.
• drgn.helpers.linux.timekeeping.ktime_get_real_seconds() can now get the time from the VMCOREINFO crash dump metadata, which is more reliable.
• drgn.helpers.common.format.print_table() can now align interleaved rows in groups.

Finally, quite a few other features were added.

• Array and pointer objects can now be sliced (e.g., arr[1:2]) to construct a new array with a different start and length.
• The kernel stack size is now available as prog["THREAD_SIZE"]. Contributed by Stephen Brennan.
• Various SPARSEMEM parameters are now available with prog["name"]: NR_SECTION_ROOTS, SECTIONS_PER_ROOT, SECTION_SIZE_BITS, MAX_PHYSMEM_BITS.
• drgn.Type.variable_declaration() was added. It formats a variable declaration with a given type.
• drgn.Type.unaliased() and drgn.Type.unaliased_kind() were added. They get information about a type with top-level typedefs removed.
• drgn.Object.format_() now takes a integer_base parameter to control whether integers are printed in decimal, hexadecimal, or octal.
• drgn.Object.subobject_() was added. It does one or more member or element lookups from a string.
• drgn.Program.read_c_string() was added. It reads a null-terminated string from program memory.
• drgn.Program.address_size() was added. It returns the size of an address in the program.
• drgn.Program.config was added. It is a dictionary that can be used internally and by users to store arbitrary configuration information.
• drgn.Program.core_dump_path was added. It is the path of the core dump file being debugged.
• Object lookups (e.g., drgn.Program[], drgn.Program.object()) now raise drgn.ObjectNotFoundError instead of KeyError or LookupError. ObjectNotFoundError is a subclass of KeyError, so this should not break existing code.
• Linux 6.17 and 6.18 are now supported.
  • The drgn.helpers.linux.timekeeping helpers were updated to handle the core timekeeping structure being changed in Linux 6.17.
  • tools/fsrefs.py was updated to handle a change in how block devices used by Btrfs were tracked in Linux 6.17.
  • drgn.helpers.linux.fs.d_path() when passed only a dentry was updated to handle a change to the list of super block mounts in Linux 6.18.
  • drgn.helpers.linux.net.get_net_ns_by_inode() was updated to handle a moved structure member in Linux 6.18.
  • drgn now handles empty E...

drgn 0.0.32

This is a smaller release that mainly fixes a few important bugs and tweaks a couple of the APIs added in the last release. It also adds several new helpers and features.

Note that this release was originally going to drop support for Python 3.6 and 3.7, but that was postponed by one release. This is the last release to support Python 3.6 and 3.7.

New features:

• Support for reading ELF symbols from MiniDebugInfo was added. This is commonly used on Fedora Linux and its derivatives. Contributed by Stephen Brennan.
• The is_pp_page() helper was added to drgn.helpers.linux.net. It returns whether a page came from the page pool allocator. Contributed by Dragos Tatulea.
• The bitmap_weight() helper was added to drgn.helpers.linux.bitmap. It returns the number of set bits in a bitmap.
• The cpumask_weight(), num_online_cpus(), num_possible_cpus(), and num_present_cpus() helpers were added to drgn.helpers.linux.cpumask. They return the number of CPUs in a CPU mask.
• The drgn.helpers.linux.timekeeping module was added. It contains helpers for getting monotonic, real, boot, and TAI timestamps in seconds (ktime_get{,_real,_boottime,_clocktai}_seconds()) and coarse nanoseconds (ktime_get_coarse{,_real,_boottime,_clocktai}_ns()). It also contains shortcuts for getting system uptime as a float (uptime()) or a human-readable string (uptime_pretty()).
• The print_table() helper was added to drgn.helpers.common.format. It prints data formatted as an aligned table.
• drgn.execscript() now accepts an optional dictionary of globals instead of always using the caller's globals. Contributed by Stephen Brennan.
• Modules can now have multiple, discontiguous address ranges, represented in drgn.Module.address_ranges. drgn.Module.address_range is kept as an alias for modules with only one address range.
• tools/fsrefs.py gained a new mode for finding references to a Btrfs subvolume.
• Linux 6.16 is now supported. No updates were required.

Incompatible changes:

• The drgn.DebugInfoOptions.directories option has been split into two options. Previously, relative paths in directories had a special meaning and were only used for searches by debug link. Now, relative paths in directories do not have any special meaning (they are used relative to the current working directory). Instead, debug_link_directories is provided to control searches by debug link. This provides more predictable behavior for the --debug-directory command line option.

• drgn.Program.load_debug_info(main=True, default=False) (and thus the --main-symbols command line option) now creates all loaded modules instead of just the main module. Contributed by Stephen Brennan.

Bug fixes:

• Symbols from data sections are now properly found in Linux kernel modules on Linux 6.4+.
• A full ELF symbol table now overrides a partial symbol table that was found earlier.
• An empty argument to the -e command line option now executes an empty statement instead of entering interactive mode.
• The drgn.helpers.linux.fs.for_each_mount() helper now skips cursors (fake mount objects used between Linux 5.8 and 6.8). Contributed by Stephen Brennan.
• Several reference leaks that leaked drgn.Program objects were fixed. Partially contributed by Stephen Brennan.
• An out of bounds memcpy() in the deserialize_struct64 test case was fixed on i386.

Documentation:

• Documentation of the tie-breaking behavior of symbol searches by address was clarified.
• Bad formatting in a few code examples was fixed.

contrib directory:

• contrib/pp_leak was added. It contains a few scripts for finding page pool leaks, adapted from Dragos Tatulea's talk at Netdev 0x19. Contributed by Dragos Tatulea.

Packaging changes:

• drgn now optionally depends on liblzma for MiniDebugInfo support.

drgn 0.0.31

This is the largest release of drgn since 0.0.1 (the first release). It adds brand new command line options and APIs for controlling how debugging information is found, improved debuginfod integration, stack tracing through unknown kernel modules with ORC, a few new helpers, bug fixes, and more.

New features:

• The way drgn finds debugging symbols was completely rewritten in order to add command line options and APIs providing more control over this process. Special thanks to Stephen Brennan for feedback and improvements.
  • New classes were added for representing modules (i.e., binaries, shared libraries, kernel modules, etc.): drgn.MainModule, drgn.SharedLibraryModule, drgn.VdsoModule, drgn.RelocatableModule, and drgn.ExtraModule.
  • New methods were added to drgn.Program for querying what modules are loaded in a program and manually overriding what drgn determines: modules(), loaded_modules(), create_loaded_modules(), main_module(), shared_library_module(), vdso_module(), relocatable_module(), linux_kernel_loadable_module(), extra_module(), and module().
  • Options for controlling how debugging information is found were added as drgn.Program.debug_info_options.
  • New command line options were added to the drgn CLI for controlling how debugging information is found: --try-symbols-by, --no-symbols-by, --debug-directory, --no-default-debug-directories, --kernel-directory, and --no-default-kernel-directories.
  • New methods for adding custom debugging information finders were added to drgn.Program: register_debug_info_finder(), registered_debug_info_finders(), set_enabled_debug_info_finders(), enabled_debug_info_finders(), and find_standard_debug_info().
  • drgn now logs the process of finding modules and debugging symbols. To see these logs, use the command line option --log-level debug.
• depmod(8) metadata is no longer required for finding debugging symbols for Linux kernel modules (but it is still used as an optimization when available).
• A progress bar is now shown when downloading debugging symbols from debuginfod.
• Kernel debugging information can now be downloaded from debuginfod (although due to debuginfod server limitations, this is currently only enabled for Fedora Linux kernels).
• A plugin system was added. Plugins can hook into program initialization to register debugging information finders, object/type/symbol finders, and more.
• Support was added for indexing DWARF imported units and gnu_debugaltlink files, which are used by some Linux distributions.
• Snippets of code can now be run directly from the command line using the new -e option. Contributed by Stephen Brennan.
• drgn.StackFrame.name will now fall back to the symbol name or program counter when full debugging information is not available for a function. The old behavior (fall back to None) is now available as drgn.StackFrame.function_name. Contributed by Stephen Brennan.
• Support was added for kernel stack unwinding using ORC even when debugging symbol files are not available. Contributed by Stephen Brennan.
• Stack traces from a struct pt_regs are now always allowed even in live userspace processes. Contributed by Stephen Brennan.
• NULL function pointer calls can now be unwound in stack traces on AArch64.
• When stack_trace(0) fails for the Linux kernel, it now suggests using stack_trace(idle_task(cpu)).
• drgn.cli.default_globals() was added. It returns the dictionary of globals that drgn would use in an interactive session. Contributed by Stephen Brennan.
• Absent objects now record the reason that they are absent: drgn.Object.absence_reason_.
• The drgn.helpers.linux.kthread module was added. It provides two helpers for working with kernel threads, to_kthread() and kthread_data().
• The kernfs_parent() and kernfs_root() helpers for examining the kernfs hierarchy were added to the drgn.helpers.linux.kernfs module.
• Linux 6.14 and 6.15 are now supported.
  • Kernel module support was updated for Linux 6.14.
  • The drgn.helpers.linux.fs.path_lookup() and drgn.helpers.linux.kernfs helpers were updated for Linux 6.15.
• drgn.helpers.linux.sched.task_cpu() and stack traces were fixed for CentOS/RHEL 9 kernels. Contributed by Georges Aureau.

Incompatible changes:

• Debugging symbol files provided by the user are now matched more strictly (by build ID). This fixes a common source of confusion but unfortunately isn't backwards compatible.
  • If a file provided with the command line option -s/--symbols or passed to drgn.Program.load_debug_info() doesn't match a loaded module, a warning will be printed and the file will be ignored.
  • If you really want to use a file for a specific module, then find the module (e.g., with drgn.Program.modules() or drgn.Program.module()) and add the file with drgn.Module.try_file(path, force=True).
  • If you really want to load debugging symbols from a file without associating it with a loaded module, use the --extra-symbols command line option or drgn.Program.extra_module(...).try_file(path).

Bug fixes:

• The -s option now finds the correct addresses for userspace programs.
• The drgn CLI was fixed to handle its standard input not being a terminal.
• Downloads from debuginfod can now be interrupted with Ctrl-C.
• drgn.helpers.experimental.kmodify.call_function() now type checks arguments passed as Python values correctly (more strictly).
• drgn.helpers.experimental.kmodify.call_function() now works around a Clang sign extension bug.
• The rbp register is now recovered correctly when unwinding through an interrupt handler on a kernel using the ORC unwinder.
• The addresses of member functions in C++ with both out-of-line and inline instances are now properly reported.
• DWARF expressions with a DW_OP_addr operation in the middle of the expression are now handled correctly with (K)ASLR.
• The DW_CFA_GNU_args_size DWARF expression operation is now handled (ignored).
• Core dumps with a non-null-terminated process name (such as those generated by gcore(1)) are now handled instead of failing. Contributed by Stephen Brennan.
• drgn.FaultErrors raised from Python memory readers are now properly propagated instead of turning into a hard error. Contributed by Stephen Brennan.
• A use-after-free or double-free when parsing invalid DWARF information was fixed.
• del prog.language now raises an exception instead of segfaulting.

Other improvements:

• Optimized out variables are now printed as <optimized out> instead of <absent>.
• libkdumpfile support was updated for incompatible changes in libkdumpfile 0.5.5. Contributed by Petr Tesarik.

Documentation:

• An interactive tutorial (also available as a video) was added.
• The documentation for getting debugging symbols was updated and expanded.
  • This page also now uses the shell builtin command -v instead of which since the latter is not always available. Contributed by Septatrix.
• A man page was added.

contrib directory:

• stack_trace_call_fault.py now supports AArch64.
• negdentdelete.py was fixed for Linux < 6.8. Contributed by Septatrix.

Packaging changes:

• drgn now depends on libdebuginfod. This can be configured as a soft runtime dependency (--with-debuginfod --enable-dlopen-debuginfod, which is the default and the recommended setting for distributions), a hard runtime dependency (--with-debuginfod --disable-dlopen-debuginfod), or disabled entirely (--without-debuginfod).
• setup.py no longer builds libdrgn.so. It can still be built with --enable-libdrgn, but that's not recommended for distributions.

Tutorial Assets

This is a dummy GitHub release for storing assets, not a real release of drgn.

drgn 0.0.30

This release adds new APIs for providing symbol information to drgn, support for the new Python 3.13 REPL, and a few important bug fixes.

New features:

• The drgn.SymbolIndex class was added. It provides an efficient implementation of a symbol finder for a static list of symbols. Contributed by Stephen Brennan.
• The drgn.helpers.linux.kallsyms module was added. It provides two helpers, load_vmlinux_kallsyms() and load_module_kallsyms(), that can be used to look up symbols without full debugging information. Contributed by Stephen Brennan.
• The CLI will now use the enhanced REPL added in Python 3.13 when available. This greatly improves the user experience with multiline editing, colorized output, and more. Contributed by Stephen Brennan.
• Linux 6.13 is now supported. No updates were required.

Bug fixes:

• Linux kernel stack traces now reliably continue through interrupt handlers as long as the kernel uses the ORC unwinder.
• The slab_cache_for_each_allocated_object() and slab_object_info() helpers in drgn.helpers.linux.slab now report cycles in SLUB freelists instead of getting stuck in an infinite loop.
• QEMU guest memory dumps of the Linux kernel with KASLR disabled can now be debugged.
• The css_for_each_child() and css_for_each_descendant_pre() helpers in drgn.helpers.linux.cgroup were fixed to include offlined css objects. Contributed by Michal Koutný.
• The REPL now gracefully displays objects that cannot be read instead of failing with a drgn.FaultError.
• A double reference count decrement in an error path of initializing the drgn Python bindings was fixed.

Documentation:

• Documentation for installing drgn on Arch Linux was updated now that drgn is officially packaged on Arch Linux. Contributed by Christian Heusel.
• Documentation for installing drgn and debugging symbols on Oracle Linux was added. Contributed by Stephen Brennan.

contrib directory:

• contrib/bpf_inspect.py was fixed to handle Linux < 5.10 when printing BPF programs. Contributed by Ze Gao.
• contrib/cgroup.py now has a stat subcommand for printing the number of online and dying css objects. Contributed by Michal Koutný.
• contrib/cgroup.py's bpf subcommand was fixed to not access an array out of bounds on Linux >= 5.15.
• contrib/ptdrgn.py was fixed to gracefully display objects that cannot be read. Contributed by Stephen Brennan.

Internal:

• Many preparations were made for the upcoming module API.
• The internal drgndoc Sphinx extension was fixed to handle deprecated ast nodes that were removed in Python 3.14.

drgn 0.0.29

This is a small release fixing the call_function(), write_memory(), and write_object() helpers in drgn.helpers.experimental.kmodify for kernels with CONFIG_MODVERSIONS=y.

drgn 0.0.28

New features:

• The drgn.helpers.experimental.kmodify module was added. It provides helpers for modifying the running kernel, including calling arbitrary functions (call_function()) and writing to memory (write_memory(), write_object()).
• Virtual address translation and stack trace support for 32-bit Arm were added.
• The drgn.implicit_convert() function was added. It converts an object to a type using C's implicit conversion rules (i.e., the rules used when assigning to a variable without an explicit cast).
• The drgn.alignof() function was added. It returns the alignment requirement of a type.
• The drgn.helpers.linux.module module was added. It provides helpers for looking up and inspecting Linux kernel modules: address_to_module(), find_module(), for_each_module(), module_address_regions(), and module_percpu_region(). Contributed by Stephen Brennan.
• The drgn.helpers.linux.sched.task_thread_info() helper was added. It returns the struct thread_info * for a given struct task_struct *.
• The drgn.helpers.linux.fs.d_path() helper can now return an absolute path given only a dentry. Contributed by Stephen Brennan.
• drgn.Thread now has a name attribute. Contributed by Ryan Wilson.
• tools/fsrefs.py gained a new mode for finding what is using the filesystem on a given block device.
• Linux 6.11 and 6.12 are now supported.
  • tools/fsrefs.py was updated to handle changes to uprobes in Linux 6.12.
• Virtual address translation on AArch64 now supports Armv8.7 FEAT_LPA2 (52-bit virtual addresses with 4k or 16k pages, added in Linux 6.9).
• Absent objects with void type can now be printed instead of raising a TypeError.

Bug fixes:

• The drgn.cast() function was fixed to allow casting anything to a void type.
• The drgn.cast() function's handling of casting to bool was fixed to convert to 0 or 1 instead of truncating to 8 bits.
• The bool() operator was fixed to return False for array objects with address 0 (which is possible with weak symbols).
• The bool() operator was fixed to allow passing a function object instead of raising a TypeError.
• Functions that have both out-of-line and inline instances now have their address properly reported instead of being returned as absent objects.
• Virtual address translation support on s390x was fixed to handle the virtual/physical address split in Linux 6.10.
• Virtual address translation support on AArch64 was fixed to handle the fallback from 52- to 48- or 47-bit virtual addresses with 4k or 16k pages if the hardware doesn't support FEAT_LPA2.
• The drgn.helpers.common.memory.identify_address() helper was fixed to not fail on kernels using the SLOB allocator. Contributed by Stephen Brennan.
• The drgn.helpers.common.memory.identify_address() helper was fixed to properly identify vmap allocations on kernels not using vmap stacks.
• The type annotation for drgn.Object.from_bytes_() was fixed to accept buffer types other than bytes.
• A build script was fixed to work on POSIX (non-Bash) shells. Contributed by Sam James.

API changes:

• The struct, union, class, and enum keywords are now omitted when formatting a C++ type name.
• The bit_offset and bit_field_size parameters of drgn.Object.from_bytes_() were fixed to be keyword-only as intended. They were previously annotated as keyword-only but were accepted positionally at runtime.

Documentation:

• Gentoo installation instructions were added. Contributed by Sam James.
• Positional-only parameters are now documented (using the standard / syntax).
• Helpers that depend on virtual address translation support now document that dependency, including the ways it can fail.
• Stale documentation referring to complex types, which are not implemented, was removed.

contrib directory:

• contrib/bpf_inspect.py can now show maps and subprograms used by a BPF program. Contributed by Leon Hwang.
• contrib/bpf_inspect.py was fixed to work on Python < 3.12. Contributed by Stephen Brennan.
• contrib/slabinfo.py was added. It dumps slab allocator statistics similar to /proc/slabinfo. Contributed by Kuan-Ying Lee.
• contrib/vmallocinfo.py was added. It dumps vmalloc information similar to /proc/vmallocinfo. Contributed by Kuan-Ying Lee.
• contrib/btrfs_print_fs_uuids_cache.py was added. It prints Btrfs's internal list of filesystem UUIDs. Contributed by Srivathsa Dara.
• contrib/dm_crypt_key.py was updated to handle Linux < 6.7.

Internal:

• Some code was moved to a new, top-level Python package, _drgn_util.

drgn 0.0.27

This release adds a few helpers, more pluggability for finding types, objects, and symbols, lots of new or improved scripts in contrib, and other improvements and bug fixes.

New features:

• The print_annotated_memory() helper was added to drgn.helpers.common.memory. It dumps a region of memory and annotates values that can be identified.
• The identify_address() helper in drgn.helpers.common.memory can now identify Linux kernel vmap addresses and vmap kernel stacks.
• The member_at_offset() helper was added to drgn.helpers.common.type. It returns the name of the member at an offset in a type.
• The bdev_partno() helper was added to drgn.helpers.linux.block. It returns the partition number of a block device.
• More flexible APIs for naming, reordering, and disabling type and object finders were added.
• An API for registering custom symbol finders was added. Contributed by Stephen Brennan.
• Support for Linux 6.9 and 6.10 was added.
  • The drgn.helpers.linux.stackdepot.stack_depot_fetch() helper was updated for Linux 6.9 (and 6.8.5).
  • The drgn.helpers.linux.block.for_each_disk() and drgn.helpers.linux.mm.PageSlab() helpers were updated for Linux 6.10.
• The VMCOREINFO metadata for a kernel core dump can now be manually overridden through the Python API or the CLI. Contributed by Stephen Brennan.
• x86-64 kernel core dumps without virtual memory information can now be read. Contributed by Stephen Brennan and Illia Ostapyshyn.
• RISC-V kdump-compressed core dumps are now recognized as RISC-V when compiled with libkdumpfile 0.5.4 or newer. Contributed by Stephen Brennan.

Bug fixes:

• A case where drgn would fail to get the value of a local variable in an inlined function (usually when it had been spilled to the stack) was fixed.
• Stack traces from kernel core dumps with missing (offline or unresponsive) CPUs were fixed.
• Missing exception throws were added for some internal allocation failure checks in the drgn Python bindings.

contrib directory:

• contrib/search_kernel_memory.py was added. It searches all of kernel RAM for a given byte string.
• contrib/gcore.py was added. It can extract a core dump of a running process without stopping it, or of a process from a kernel core dump.
• contrib/btrfs_tree.py was substantially improved with new helpers and support for almost all Btrfs item types.
• contrib/negdentdelete.py was added. It frees negative dentries. Contributed by Stephen Brennan.
• contrib/bpf_inspect.py was updated to work on Linux 6.4 and later, gained a new command to list BPF links, gained an interactive mode, and added more detailed information. Contributed by Leon Hwang.
• contrib/irq.py was updated to work on Linux 6.5 and later. Contributed by Imran Khan.
• contrib/lsmod.py was updated to work on Linux 6.4 and later.

Internal:

• libdrgn's internal hash table implementation was optimized to use slightly less memory.
• Unit tests were added for a lot of libdrgn internals.
• Stephen Brennan fixed an issue with builds for free-threaded Python.
• Michel Lind enabled Packit builds for CentOS Stream 9.

drgn 0.0.26

This release adds several helpers, support for DWARF package files, the fsrefs.py tool, and a few other improvements and bug fixes.

New features:

• The print_dmesg() helper was added to drgn.helpers.linux.printk. It is a shortcut for printing the contents of the kernel log buffer.
• The idr_for_each_entry() helper was added to drgn.helpers.linux.idr.
• Helpers for the Linux kernel's plist (priority-sorted list) data structure were added in drgn.helpers.linux.plist. Plists are used by futexes, real-time scheduling classes, and swap.
• The stack_depot_fetch() helper was added in drgn.helpers.linux.stackdepot. It gets a stack trace from the stack depot, which is used by KASAN and other debugging tools in the kernel to store unique stack traces. Contributed by Peter Collingbourne.
• drgn.Program.stack_trace_from_pcs() was added. It creates a drgn.StackTrace from a list of program counters. Contributed by Peter Collingbourne.
• Support for Linux 6.8 was added.
  • The for_each_mount() and path_lookup() helpers from drgn.helpers.linux.fs were updated for Linux 6.8. The for_each_mount() update was contributed by Johannes Thumshirn.
• DWARF package (.dwp) files are now supported when built with elfutils >= 0.191.
• drgn.reinterpret() can now be used for primitive scalar values (but you usually want drgn.cast()).
• drgn now transparently supports reading from pointers using AArch64's Top Byte Ignore (TBI) feature. Contributed by Peter Collingbourne.

Bug fixes:

• The print_annotated_stack() helper from drgn.helpers.common.stack was made more robust against corrupted stack traces.
• A memory leak when handling types with C++ template parameters was fixed.
• Types from type units from split DWARF files can now be searched by name.

Other improvements:

• drgn.FaultError is now imported in the CLI by default.
• drgn.FaultErrors caused by invalid physical addresses will now indicate that the address was physical.
• Build errors when compiling against Python 3.13 alpha 4 were fixed.

Tools:

• tools/fsrefs.py was added. It searches for everything in the kernel referencing a file or filesystem.

contrib directory:

• contrib/btrfs_orphan_subvolumes.py was added. It looks for Btrfs subvolumes that have been deleted but not yet cleaned up.
• contrib/dm_crypt_key.py was added. It reads the master key of a dm-crypt device from kernel memory (currently only if the encryption mode is aes-xts-plain64).

drgn 0.0.25

This release adds some usability improvements, lots of new helpers, fixes for stack traces from exotic core dumps, and more.

New features:

• The prog argument can now be omitted from most function calls in the CLI. Library users can configure the same behavior with drgn.set_default_prog() and drgn.get_default_prog().
• drgn.stack_trace() was added as a shortcut for drgn.Program.stack_trace().
• drgn can now be run against the live kernel as a non-root user. It uses sudo to open /proc/kcore. Contributed by Stephen Brennan.
• Helpers for the Linux kernel's maple tree data structure were added in drgn.helpers.linux.maple.
• vma_find() and for_each_vma() helpers were added to drgn.helpers.linux.mm. They look up or iterate over virtual memory areas in an address space, respectively.
• Helpers for Linux kernel wait queues were added in drgn.helpers.linux.wait. Contributed by Imran Khan.
• The drgn.helpers.linux.cpumask.cpumask_to_cpulist() helper was added. It converts a struct cpumask * to a CPU list string. Contributed by Imran Khan.
• cpu_online_mask(), cpu_possible_mask(), and cpu_present_mask() helpers were added to drgn.helpers.linux.cpumask.
• Support for Linux 6.6 and 6.7 was added.
  • The drgn.helpers.linux.mm.compound_order() helper was updated for Linux 6.6.
  • The drgn.Program.threads() iterator was updated for Linux 6.7.
• The drgn.helpers.linux.slab helpers were updated to handle kernels with CONFIG_SLUB_TINY enabled.
• The compound page helpers in drgn.helpers.linux.mm were updated to handle the RHEL 7 kernel. Contributed by Oleksandr Natalenko.
• Virtual address translation support was added for ppc64. Contributed by Sourabh Jain.
• drgn now supports the flattened kdump format when built with libkdumpfile support. Contributed by Petr Tesarik.
• drgn.Program.set_core_dump() and drgn.program_from_core_dump() now accept a file descriptor. Contributed by Stephen Brennan.

Backwards-incompatible changes:

• The allow_negative parameter of drgn.helpers.linux.fs.path_lookup(), and the src, dst, and fstype parameters of drgn.helpers.linux.fs.for_each_mount() and drgn.helpers.linux.fs.print_mounts() are all now keyword-only. This was necessary to allow omitting the prog argument without ambiguity.
• Type hints are no longer supported for Python 3.6 and Python 3.7. Those Python versions are still supported at runtime.

Bug fixes:

• Stack traces were fixed for core dumps from QEMU's dump-guest-memory command, ppc64 vmcores on Linux 6.5+ (and recent stable kernels), and s390x vmcores.
• Type annotations and documentation for drgn.Program.add_type_finder() and drgn.Program.add_object_finder() were corrected. Contributed by Stephen Brennan.
• Relocations for 32-bit Arm and x86 were fixed to use drgn's own implementation as intended instead of libdwfl's. This is mainly a performance improvement.

Other improvements:

• The cmdline() and environ() helpers in drgn.helpers.linux.mm now return None for kernel threads instead of raising an exception. Contributed by Peter Collingbourne.
• AArch64 virtual address translation was optimized to only read the minimum amount of page table data. Contributed by Peter Collingbourne.
• The warning when debugging symbols are not found now includes a link to the drgn documentation for how to get debugging symbols. Contributed by Alex Gartrell.
• The documentation for C operator equivalents was improved.

contrib directory:

• contrib/find_struct_file.py was added. It looks for references to a struct file *.
• contrib/stack_trace_call_fault.py was added. It manually unwinds a stack trace from a call to an invalid address on x86-64.
• contrib/irq.py was added. It prints out IRQs, their affinities, and statistics. Contributed by Imran Khan.
• contrib/vmmap.py was updated to work on Linux 6.1+.