Ask Your Question

What is abrt and the process abrt-action-generate-core-backtrace?

asked 2014-01-17 23:42:15 -0500

slm gravatar image

updated 2014-05-11 13:51:09 -0500

mether gravatar image

I recently noticed a process I hadn't seen before called abrt-action-generate-core-backtrace that was churning on my laptop. I waited a bit and it never seemed to stop so I killed it.


  • Did I just shoot myself in the foot somehow down the road?
  • What was this process doing?
  • Is there a way to spy on what this application is up to?
edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2014-01-17 23:48:38 -0500

slm gravatar image

updated 2014-01-18 01:31:27 -0500

FranciscoD_ gravatar image

Initial investigation

I checked to see what RPMs this application was a part of.

$ type -a abrt-action-generate-core-backtrace
abrt-action-generate-core-backtrace is /usr/bin/abrt-action-generate-core-backtrace
abrt-action-generate-core-backtrace is /bin/abrt-action-generate-core-backtrace

$ rpm -qf /usr/bin/abrt-action-generate-core-backtrace /bin/abrt-action-generate-core-backtrace

That package's description is as follows:

This package contains hook for C/C++ crashed programs and abrt's C/C++

The RPM also mentions this URL: That URL takes you to a page that claims it's obsolete, directing you now to a GitHub page:


This is apparently a package for reporting problems.

ABRT is a set of tools to help users detect and report problems. It's main purpose is to ease the process of reporting an issue and finding a solution.

It goes on to also describe it as follows:

ABRT consists of a daemon that monitors logs, system crashes and triggers events based on the type of crash. Also provides desktop notification that popup at the time of a crash. The user can work with gnome-abrt, GUI that presents a list of crashes and available actions or abrt-cli, command line interface with similar functionality.

The overview page lists the following features of the ABRT daemon that it will automatically detect issues for, and automatically report logs back to "somewhere".

  • C/C++ crashes
  • generates backtrace automatically (installs debuginfo pkgs if necessary)
  • identifies the crashing function
  • unhandled Python exceptions
  • kernel oopses (non critical)
  • kernel crashes (critical, system crashes)
  • XORG crashes (xorg doesn't crash like other C/C++ programs)
  • Java exceptions (using JVMTI, still proof of concept, might have performance impact)

So what was it doing?

The overview page mentioned this path for ABRT, /var/tmp/abrt.

$ ls -l /var/tmp/abrt/
total 4536
-rw-------. 1 root root 13344768 Jan  9 19:32 abrt-applet-coredump
-rw-------. 1 root root       13 Jan 17 12:13 last-ccpp
-rw-------. 1 root root       15 Jan 13 17:13 last-via-server

The file for today, last-ccpp would be the likely candidate for what abrt... was up to. That file wasn't much help.

$ sudo more /var/tmp/abrt/last-ccpp

The overview page then showed a screenshot that I did recognize. So I think killing the abrt... process is not much of a risk at all.

edit flag offensive delete link more


FranciscoD_ gravatar imageFranciscoD_ ( 2014-01-17 23:49:47 -0500 )edit

@FranciscoD_ - thanks I have those links in the A but I don't have enough rep to post links yet.

slm gravatar imageslm ( 2014-01-18 00:33:24 -0500 )edit

I'll edit your answer and update the links. :)

FranciscoD_ gravatar imageFranciscoD_ ( 2014-01-18 01:29:28 -0500 )edit

Question Tools


Asked: 2014-01-17 23:42:15 -0500

Seen: 2,448 times

Last updated: Jan 18 '14