gcore

Create core dump of running process

SYNOPSIS

gcore [-o FILE] [--help] [--version] PID

-o FILE, --outfile=FILE
    Write output core dump to FILE instead of default core.PID

--help
    Display usage summary and exit

--version
    Print gcore version information and exit

DESCRIPTION

gcore is a command-line utility from the GNU Debugger (GDB) package that creates a core dump file from a specified running process without terminating it. A core dump captures the process's memory image, registers, stack, and execution state at that moment, enabling detailed post-mortem analysis for debugging crashes, hangs, or unexpected behaviors.

It attaches to the target process using the ptrace system call, pauses execution briefly, dumps the necessary data, and then detaches, allowing the process to resume. This non-destructive approach is ideal for production servers or long-running services where restarting is costly.

By default, the output file is named core.PID in the current working directory, where PID is the process ID. Core dumps can be large, proportional to the process's virtual memory usage. Analyze them with GDB via gdb /path/to/executable core.PID.

Requires appropriate permissions: either own the process or run as root. Useful for scenarios like investigating memory leaks or segmentation faults remotely.

CAVEATS

Requires ptrace permissions (may be restricted by kernel settings like Yama ptrace_scope=1). Process pauses briefly during dump, potentially causing minor delays. Large processes need ample disk space. Does not work on protected processes (e.g., some containers). Core may be incomplete if process uses huge pages or private mappings.

gcore

Create core dump of running process

SYNOPSIS

PARAMETERS

DESCRIPTION

CAVEATS

EXAMPLES

ANALYSIS

HISTORY

SEE ALSO