I'm looking for a way to take a non-intrusive coredump of a running process on Linux.
I'm familiar with gdb's gcore, but that can only be run when gdb is attached to the process and it's stopped for debugging. For a big core dump that might mean many seconds, or even a few minutes, of interrupted execution.
Is there any non-blocking alternative?
Linux supports copy-on-write memory, which it relies upon to support fork() without exec(). So I'm thinking of something kernel-level where the kernel takes a copy-on-write snapshot of the process page tables of the process being dumped, then writes the core out while the original process keeps on running.
I'm pretty sure I could use gdb to force a fork() then dump the child while the parent carries on happily, then wait() in the parent to reap the child after termination. It's messy, though, and still requires two interruptions of the parent process, albeit short ones.
Surely someone's needed this before?
Google CoreDumper springs to mind. It makes a copy-on-write copy of the process's address space, see WriteCoreDump() (see "Notes").
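The fork-and-dump idea from the question, done from inside the process, as an added example that is not part of the original posts and is not Google CoreDumper's code. The function name `snapshot_and_dump`, the `state` buffer and its contents are constructed for illustration; the pipes exist only to show that the child still sees the pre-fork data after the parent has changed it.

```c
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static char state[32];   /* stands in for the process's live data (constructed) */

/* Fork a copy-on-write snapshot, keep mutating the parent, and let the child
 * dump core. child_view receives the child's copy of state; the return value
 * is the signal that ended the child (SIGABRT when it worked), or -1. */
int snapshot_and_dump(char *child_view, size_t len)
{
    int go[2], back[2], status;
    strcpy(state, "before-snapshot");
    if (pipe(go) < 0 || pipe(back) < 0)
        return -1;

    pid_t pid = fork();                  /* the only pause the parent sees */
    if (pid < 0)
        return -1;
    if (pid == 0) {                      /* child: frozen view of memory */
        char c;
        struct rlimit rl;
        close(go[1]);
        close(back[0]);
        if (read(go[0], &c, 1) != 1)     /* wait until the parent has moved on */
            _exit(1);
        if (write(back[1], state, sizeof state) < 0)
            _exit(1);
        if (getrlimit(RLIMIT_CORE, &rl) == 0) {
            rl.rlim_cur = rl.rlim_max;   /* raise the soft limit as far as allowed */
            setrlimit(RLIMIT_CORE, &rl);
        }
        abort();                         /* kernel dumps the snapshot, not the parent */
    }
    close(go[0]);
    close(back[1]);
    strcpy(state, "after-snapshot");     /* parent carries on and changes its data */
    ssize_t n = write(go[1], "x", 1) == 1 ? read(back[0], child_view, len - 1) : -1;
    child_view[n > 0 ? n : 0] = '\0';
    close(go[1]);
    close(back[0]);
    if (waitpid(pid, &status, 0) < 0)    /* reap the child once the dump is done */
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : -1;
}
```

fork() duplicates only the calling thread, so in a multithreaded process the core contains the other threads' memory but not their register state. Whether and where a core file is actually written depends on RLIMIT_CORE and the system's core_pattern setting.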