gcore

gcore [options] pid

-o filename
    Specify the output filename for the core dump. Defaults to 'core.pid' if not provided.

-a
    Dump all thread stacks (only useful for multi-threaded applications).

The gcore command creates a core dump of a running process. This core dump captures the memory image of the process at a specific point in time, allowing developers to analyze the process's state for debugging purposes. It's an invaluable tool for identifying crashes, deadlocks, memory leaks, or other unexpected behavior in production or testing environments.

gcore uses the ptrace system call to attach to the target process and extract its memory. The resulting core file can then be loaded into a debugger like gdb for detailed inspection. gcore is particularly useful when a process is stuck or misbehaving in a way that doesn't cause an immediate crash, making traditional debugging methods difficult.

The target process will be briefly paused while the core dump is being created. Creating a core dump can consume significant disk space, especially for large processes. gcore needs permission to ptrace the target process, usually requiring the user to be the owner of the process or to have root privileges. gcore might not work correctly if the target process is actively using specific system calls or has certain security restrictions in place.

To create a core dump of process with PID 1234, simply run: gcore 1234.
To save the core dump to a specific file: gcore -o my_process.core 1234.
For multithreaded applications: gcore -a 1234.

gcore has been a part of coreutils for a while. Early usages centered around debugging server processes to uncover the roots of problems such as memory leaks and deadlocks. Development and enhancements have largely revolved around improved stability and thread support.

gdb(1), ptrace(2), kill(1)