Packaging and The Contents of mpykdump.so

SYNOPSIS

PyKdump crash extension - /usr/lib64/crash/extensions/PyKdump/mpykdump.so

DESCRIPTION

The PyKdump framework provides Python bindings to GDB/crash internals. It can be used to create Python-based programs to automate vmcore analysis and quickly process various information from vmcores. The current version of PyKdump is standardized on Python 3.

Automating the vmcore analysis requires programmatic analysis of various data structures, e.g. linked lists, structures, unions, enums, and various global variables. The PyKdump framework provides an extensive set of built-in API calls, which can be used to fetch required structures and symbols, and process them in Python programs.

To allow the kernel data structures to be processed within Python programs, the ‘PyKdump’ framework first maps the C structures used within the Linux kernel to Python objects. For example, PyKdump maps C ‘struct’ and ‘union’ by creating corresponding Python objects with attributes matching the respective field names of the C struct/union. Other C data types are mapped to similar Python types, e.g. C ‘int’ is mapped to Python ‘integer’. Also, most operators in C are mapped to similar Python operators.

The 'mpykdump.so' extension consists of:

o Embedded Python interpreter

o Interface module to crash internals

o Subset of the Python Standard Library

o Standard tools built on top of PyKdump as listed below

The extension file is constructed as a shared library with ZIP-archive appended. This extension includes the Python3 interpreter (embedded) and a comprehensive subset of the Python3 Standard Library (strings, sockets, option parsers, itertools, etc.) but not the whole library (as it is huge). This design makes it completely independent of the Python version installed on the host where you do dump analysis.

There are several practical programs already developed using this framework that can be used immediately, including:

xportshow - Displays information about connections and sockets

crashinfo - Shows general information about the kernel dump

scsishow - Shows SCSI subsystem information from the dump

dmshow - Shows device-mapper, multipath, and LVM information

taskinfo - Prints process/task status information as captured at the time of crash

nfsshow - Prints NFS client/server information from the dump

hanginfo - Summarizes information about hung tasks

The above list is not comprehensive, and new commands are added periodically. For a full list, use the 'extend' command in crash or see the User Guide page in this documentation.

EXAMPLES

The mpykdump extension can be loaded in the crash environment as follows:

crash> extend /usr/lib64/crash/extensions/PyKdump/mpykdump.so

To view the ready-to-use programs:

crash> extend
SHARED OBJECT                                    COMMANDS
/usr/lib64/crash/extensions/PyKdump/mpykdump.so  epython xportshow crashinfo taskinfo
                                                 nfsshow hanginfo fregs tslog scsi
                                                 scsishow dmshow pstree modinfo

As soon as the extension is loaded, any of the above programs can be executed as a normal command in the crash environment. For example, running the dmshow program to review LVM information:

crash>  dmshow --lvs
LV DM-X DEV   LV NAME      VG NAME           OPEN COUNT       LV SIZE (MB)     PV NAME
dm-0          lv_root      vg_system                  1           28156.00     sda
dm-1          lv_swap      vg_system                  1            2048.00     sda
dm-2          lv_app2      vg_app2                    1           20476.00     sdd
dm-3          lv_app1      vg_app1                    1          425980.00     sdc
dm-4          lv_swap2     vg_swap2                   1           14332.00     sdb
dm-5          lv_var       vg_system                  1           18432.00     sda
dm-6          lv_tmp       vg_system                  1            2048.00     sda

** Execution took   1.12s (real)   1.11s (CPU)
crash>

Running hanginfo:

crash> hanginfo
*** UNINTERRUPTIBLE threads, classified ***

================== Waiting in io_schedule ==================
... 7 pids. Youngest,oldest: 2757, 1787  Ran ms ago: 80427, 227483
sorted by ran_ago, youngest first
[2757, 1785, 1519, 809, 13462, 17140, 1787]

********  Non-classified UN Threads ********** 5 in total

------- 1 stacks like that: ----------
#0   schedule
#1   start_this_handle
#2   jbd2_journal_start
#3   ext4_journal_start_sb
#4   ext4_dirty_inode
#5   __mark_inode_dirty
#6   file_update_time
#7   __generic_file_aio_write
#8   generic_file_aio_write
#9   ext4_file_write
#10  do_sync_write
#11  vfs_write
#12  sys_write
#13  sysenter_dispatch
#14  ia32_sysenter_target
#15  ia32_sysenter_target
[...]

The '-h' (help) argument with any of the above programs will provide more information about the options supported by the program.

The PyKdump framework also allows execution of newly written Python programs without recompiling the whole extension. If there is any custom python program written under the PyKdump framework, it can be executed directly using the epython command as shown below:

crash> epython  <path-to-PyKdump-python-program>

For example: To run the hello.py PyKdump program from the below location:

$ cat hello.py
# This is a basic PyKdump program
from pykdump.API import*
print("Hello PyKdump")

crash> epython  /usr/lib64/crash/extensions/PyKdump/hello.py
Hello PyKdump

ENVIRONMENT

PYKDUMPPATH

The 'PYKDUMPPATH' environment variable is similar to the PATH variable in Linux. It can be used to specify the path for Python programs written under this framework. After setting this variable, users can directly execute the Python program from the crash environment without specifying its full path.

For example, the following directory contains a couple of Python programs:

$ ls /cores/crashext/epython/storage
dm.py  dmshow.py  rqlist.py  scsishow.py

Set the PYKDUMPPATH variable with the above path:

$ export PYKDUMPPATH=/cores/crashext/epython/storage
$ echo $PYKDUMPPATH
/cores/crashext/epython/storage

The epython command provided by mpykdump.so can now directly access the above programs:

crash> extend /usr/lib64/crash/extensions/PyKdump/mpykdump.so
crash> epython -p
3.7.3 (default, Oct  7 2019, 11:22:29)
     [GCC 4.4.7 20120313 (Red Hat 4.4.7-18)]
     ['.', '/cores/crashext/scsishow.so/pylib',
                    '/cores/crashext/epython/storage',
                    '/cores/crashext/scsishow.so',
                    '/cores/crashext/scsishow.so/dist-packages']

crash> ls /cores/crashext/epython/storage
dm.py  dmshow.py  rqlist.py  scsishow.py

crash> epython dmshow.py
NUMBER  NAME                 MAPPED_DEVICE    FLAGS
dm-0    vg00-root       0xffff93d725733800    flags: 0x43      [Device suspended]
dm-1    vg00-swap       0xffff93ee12bac000    flags: 0x43      [Device suspended]
[...]

Changes to the PYKDUMPPATH variable can be made persistent by adding an entry for it in your ~/.bash_profile file:

e.g.
$ cat ~/.bash_profile
export PYKDUMPPATH="$PYKDUMPPATH:/cores/crashext/epython/storage"

To automatically load the crash extensions at the start of a crash session, add the following entry in your .crashrc file:

$ cat ~/.crashrc
extend /usr/lib64/crash/extensions/PyKdump/mpykdump.so

SEE ALSO

o Upstream project page: <https://sourceforge.net/projects/pykdump>

o Programmatic Kernel Dump Analysis On Linux: <https://www.kernel.org/doc/ols/2009/ols2009-pages-251-262.pdf>

o DevConf.CZ talk on PyKdump: <http://people.redhat.com/mgandhi/presentation_pykdump.pdf>

crash(8), gdb(1) man pages