coredumpctl

Examine and manage core dumps

TLDR

List all captured core dumps

$ coredumpctl

List captured core dumps for a program

$ coredumpctl list [program]

Show information about the core dumps matching a program with PID

$ coredumpctl info [PID]

Invoke debugger using the last core dump

$ coredumpctl debug

Invoke debugger using the last core dump of a program

$ coredumpctl debug [program]

Extract the last core dump of a program to a file

$ coredumpctl [[-o|--output]] [path/to/file] dump [program]

Skip debuginfod and pagination prompts and then print the backtrace when using gdb

$ coredumpctl debug [[-A|--debugger-arguments]] "-iex 'set debuginfod enabled on' -iex 'set pagination off' -ex bt"

SYNOPSIS

coredumpctl [OPTIONS...] {COMMAND} [ARGUMENTS...]

Commands: list [PATTERN], info [ID...], debug [ID...] [EXECUTABLE], gdb [ID...] [EXECUTABLE], dump [ID...]

-h, --help
    Print help text and exit.

--version
    Print version string and exit.

--no-pager
    Do not pipe output to pager.

--no-legend
    Do not show column headers/legend.

-o, --output=STRING
    Set output format (e.g., short, json, verbose, cat).

-a, --all
    Show all fields, including long ones.

--since=TIME
    Filter by timestamp start (e.g., 'yesterday').

--until=TIME
    Filter by timestamp end.

-r, --reverse
    Show entries in reverse chronological order.

-n, --lines=INT
    Limit output lines (default 10).

--no-field-names
    Do not show field names.

--no-ascii
    Do not escape UTF-8, use Unicode box chars.

--fields=FIELDS
    List specific fields.

DESCRIPTION

coredumpctl is a utility from the systemd suite for listing, inspecting, and debugging core dumps generated when processes crash. Core dumps capture a process's memory image, stack traces, and registers, aiding in post-mortem analysis. On systemd-based systems, the systemd-coredump service handles dump collection, storing them alongside journal entries.

It supports filtering dumps by time, PID, UID, executable, or signal; extracting dumps for tools like GDB; and configuring storage via coredump.conf(5). Common use cases include debugging application crashes in production without debug symbols, via commands like coredumpctl gdb for interactive sessions or coredumpctl dump to save files.

Dumps are indexed by unique IDs in the journal, enabling queries like coredumpctl list --since yesterday. By default, dumps are compressed and stored in /var/lib/systemd/coredump, with policies controlling retention based on size, count, or age. This tool integrates seamlessly with journalctl for correlated logs.

CAVEATS

Requires systemd >= 219 with coredump enabled via Storage= in coredump.conf(5). Dumps may be absent if disabled, quota exceeded, or process not configured for dumping. Root privileges needed for some operations. Large dumps can fill disk; monitor via journal.

KEY SUBCOMMANDS

list: List core dumps with fields like PID, UID, signal.
info ID: Detailed dump metadata.
debug/gdb ID: Launch GDB on dump.
dump ID: Extract core file.

EXAMPLE USAGE

coredumpctl list /usr/bin/myapp — List crashes of myapp.
coredumpctl gdb 12345 — Debug dump ID 12345 with GDB.

HISTORY

Introduced in systemd v219 (October 2015) as part of systemd-coredump for unified core dump handling replacing traditional kernel core_pattern. Evolved with systemd releases, adding JSON output, better filtering in v233+, and integration with systemd's journal.