coredumpctl

List all captured core dumps

$ coredumpctl

$ coredumpctl list [program]

$ coredumpctl info [PID]

$ coredumpctl debug

$ coredumpctl debug [program]

$ coredumpctl [[-o|--output]] [path/to/file] dump [program]

$ coredumpctl debug [[-A|--debugger-arguments]] "-iex 'set debuginfod enabled on' -iex 'set pagination off' -ex bt"

coredumpctl [OPTIONS...] COMMAND [PID|COMMISSION|PATH...]

COMMAND
    The specific operation to perform. Common commands include list (to list dumps), info (to show details), dump (to extract raw dump), gdb (to launch debugger), extract (to extract files), and cat (to show stdout/stderr).

PID|COMMISSION|PATH...
    One or more identifiers for core dumps. Can be a process ID (PID), an executable name (COMMISSION), or a file path to a core dump.

--json
    Output in JSON format, useful for scripting and programmatic parsing.

--all
    Show core dumps from all users and sessions, not just the current one.

--no-pager
    Do not pipe output into a pager program (e.g., less), displaying it directly to the console.

--unit=UNIT
    Filter core dumps by the systemd unit name that generated them (e.g., --unit=my-service.service).

--output=FIELD,...
    Specify a comma-separated list of fields to display for the list command. Available fields can be found in the manual.

--field=FIELD
    Add an extra field to the default output of the list command without replacing defaults.

--since=DATE
    Show core dumps since a specified date or time string (e.g., '2023-01-01', 'yesterday', 'now - 1h').

--until=DATE
    Show core dumps until a specified date or time string.

--file=FILE
    Specify an uncompressed core dump file to operate on instead of querying the systemd journal/storage directly.

--executable=PATH
    Specify the path to the original executable that corresponds to the core dump for some operations like gdb or debug.

coredumpctl is a command-line utility used to query, inspect, and extract core dumps collected by the systemd-coredump service. It provides a standardized and integrated way to handle process crashes on Linux systems running systemd.

When an application crashes, the kernel typically generates a core dump file containing a snapshot of the process's memory and state. The systemd-coredump service, acting as a kernel helper, captures these dumps, compresses them (often using zstd), and stores them in a designated location (usually /var/lib/systemd/coredump).

coredumpctl allows administrators and developers to list available core dumps, view their metadata, extract the original executable or other relevant files, and even directly launch a debugger like gdb on a specific core dump, significantly simplifying debugging efforts.

Core Dump Storage: Core dumps can be very large, potentially consuming significant disk space. Ensure sufficient storage and consider systemd-coredump configuration for cleanup policies.
Sensitive Information: Core dumps contain a snapshot of a process's memory, which may include sensitive data like passwords, encryption keys, or private user information. Exercise caution when sharing or storing them.
Permissions: Accessing core dumps, especially those from other users or system processes, typically requires elevated privileges (e.g., root access) or membership in the systemd-coredump group.

By default, systemd-coredump stores processed core dumps in a dedicated location, usually /var/lib/systemd/coredump. These files are often compressed (e.g., with zstd) to save disk space.

Metadata about each core dump (e.g., crashing PID, executable path, signal) is logged to the systemd journal. coredumpctl queries this journal for filtering and listing core dumps. The actual core dump data is stored separately from the journal.

Core dumps are typically compressed by systemd-coredump using zstd for efficient storage. coredumpctl can decompress them on the fly when you use commands like gdb, dump, or extract, or you can explicitly uncompress them using the uncompress command.

Part of the systemd project, coredumpctl was introduced to provide a standardized, integrated mechanism for handling process core dumps. Its development aimed to replace ad-hoc core dump collection scripts and enable system-wide management and inspection of crash artifacts directly within the systemd ecosystem. It leverages the kernel's core_pattern mechanism, redirecting core dumps to the systemd-coredump service for processing and storage.

systemd-coredump(8), systemd(1), gdb(1), core(5), journalctl(1)