gdb.debug with api=True fails on pwntools/pwntools:stable docker image #2531

Open
bary12 opened this issue Jan 22, 2025 · 3 comments

Comments

@bary12

bary12 commented Jan 22, 2025

Running gdb.debug with api=True on the provided docker image fails with "Failed to connect to GDB: Unix socket /tmp/tmpp03qzrjf/socket was never created". See the provided log file.
This happened to me on multiple docker images, some of which I configured myself from ubuntu:24.04 and python:3.12.
It works as expected without api=True.

Minimal working example

pwntools version: 4.14.0 (as printed by pip show pwntools later)
host is Windows 11 (build 22631), Docker version 27.3.1, build ce12230

gist: https://gist.github.com/bary12/1e9a4b516ca6d304d72cf96c029f95ec

.
│   create_container.ps1
│
└───volume
        run_script.sh
        script.py

create_container.ps1

docker run -it `
    --privileged `
    --net=host `
    --hostname localhost `
    --ulimit core=-1:-1 `
    --mount type=bind,source=.\volume,target=/home/pwntools/volume `
    pwntools/pwntools:stable `
    /bin/bash -c "cd /home/pwntools/volume && ./run_script.sh"

run_script.sh

sudo DEBIAN_FRONTEND=noninteractive apt-get update
sudo apt-get install -y gdb gdbserver xterm
pip install --upgrade pwntools
pip show pwntools
python3 /home/pwntools/volume/script.py DEBUG LOG_FILE=/home/pwntools/volume/log.txt

script.py

from pwn import *

context.terminal = ['xterm']

gdb.debug('/bin/ls', api=True)

(this happened with multiple processes including programs I compiled myself)

full output with stacktrace

[+] Starting local process '/usr/bin/gdbserver' argv=[b'/usr/bin/gdbserver', b'--multi', b'--no-disable-randomization', b'--no-startup-with-shell', b'localhost:0', b'/bin/ls'] : pid 1053
[DEBUG] Received 0x3c bytes:
    b'Process /bin/ls created; pid = 1056\n'
    b'Listening on port 42807\n'
[DEBUG] Wrote gdb script to '/tmp/pwnlib-gdbscript-684lav7l.gdb'
    python socket_path = '/tmp/tmpzakgk7s1/socket'
    source /usr/local/lib/python3.10/dist-packages/pwnlib/gdb_api_bridge.py
    target remote 127.0.0.1:42807
[*] running in new terminal: ['/usr/bin/gdb', '-q', '/bin/ls', '-x', '/tmp/pwnlib-gdbscript-684lav7l.gdb']
[DEBUG] Created script for new terminal:
    #!/usr/bin/python3
    import os
    os.execve('/usr/bin/gdb', ['/usr/bin/gdb', '-q', '/bin/ls', '-x', '/tmp/pwnlib-gdbscript-684lav7l.gdb'], os.environ)    
[DEBUG] Launching a new terminal: ['/usr/bin/xterm', '/tmp/tmp88s9hhy4']
[+] Starting local process '/usr/bin/gdb' argv=[b'/usr/bin/gdb', b'--nx', b'-batch', b'-ex', b'python import rpyc; import gdb; gdb.execute("quit 123")'] : pid 1059
[*] Process '/usr/bin/gdb' stopped with exit code 123 (pid 1059)
[ERROR] Failed to connect to GDB: Unix socket /tmp/tmpzakgk7s1/socket was never created
Traceback (most recent call last):
  File "/home/pwntools/volume/script.py", line 5, in <module> 
    gdb.debug(
  File "/usr/local/lib/python3.10/dist-packages/pwnlib/context/__init__.py", line 1690, in setter
    return function(*a, **kw)
  File "/usr/local/lib/python3.10/dist-packages/pwnlib/gdb.py", line 713, in debug
    tmp = attach((host, port), exe=exe, gdbscript=gdbscript, gdb_args=gdb_args, ssh=ssh, sysroot=sysroot, api=api)
  File "/usr/local/lib/python3.10/dist-packages/pwnlib/context/__init__.py", line 1690, in setter
    return function(*a, **kw)
  File "/usr/local/lib/python3.10/dist-packages/pwnlib/gdb.py", line 1285, in attach
    log.error('Failed to connect to GDB: Unix socket %s was never created', socket_path)
  File "/usr/local/lib/python3.10/dist-packages/pwnlib/log.py", line 439, in error
    raise PwnlibException(message % args)
pwnlib.exception.PwnlibException: Failed to connect to GDB: Unix socket /tmp/tmpzakgk7s1/socket was never created
[*] Stopped process '/bin/ls' (pid 1056)

Debug Output

================================================================================
= Started at 2025-01-22T13:56:35                                               =
= sys.argv = [                                                                 =
=   '/home/pwntools/volume/script.py',                                         =
= ]                                                                            =
================================================================================
================================================================================
= Started at 2025-01-22T13:56:35                                               =
= sys.argv = [                                                                 =
=   '/home/pwntools/volume/script.py',                                         =
= ]                                                                            =
================================================================================
2025-01-22T13:56:35:INFO:pwnlib.tubes.process.process.140709030740944:Starting local process '/usr/bin/gdbserver' argv=[b'/usr/bin/gdbserver', b'--multi', b'--no-disable-randomization', b'--no-startup-with-shell', b'localhost:0', b'/bin/ls'] 
2025-01-22T13:56:35:INFO:pwnlib.tubes.process.process.140709030740944:Starting local process '/usr/bin/gdbserver' argv=[b'/usr/bin/gdbserver', b'--multi', b'--no-disable-randomization', b'--no-startup-with-shell', b'localhost:0', b'/bin/ls'] : pid 1032
2025-01-22T13:56:35:DEBUG:pwnlib.tubes.process.process.140709030740944:Received 0x3c bytes:
2025-01-22T13:56:35:DEBUG:pwnlib.tubes.process.process.140709030740944:b'Process /bin/ls created; pid = 1035\n'
2025-01-22T13:56:35:DEBUG:pwnlib.tubes.process.process.140709030740944:b'Listening on port 38113\n'
2025-01-22T13:56:35:DEBUG:pwnlib.gdb:Wrote gdb script to '/tmp/pwnlib-gdbscript-wl32k8vh.gdb'
python socket_path = '/tmp/tmpp03qzrjf/socket'
source /usr/local/lib/python3.10/dist-packages/pwnlib/gdb_api_bridge.py
target remote 127.0.0.1:38113

2025-01-22T13:56:35:INFO:pwnlib.gdb:running in new terminal: ['/usr/bin/gdb', '-q', '/bin/ls', '-x', '/tmp/pwnlib-gdbscript-wl32k8vh.gdb']
2025-01-22T13:56:35:DEBUG:pwnlib.util.misc:Created script for new terminal:
#!/usr/bin/python3
import os
os.execve('/usr/bin/gdb', ['/usr/bin/gdb', '-q', '/bin/ls', '-x', '/tmp/pwnlib-gdbscript-wl32k8vh.gdb'], os.environ)

2025-01-22T13:56:35:DEBUG:pwnlib.util.misc:Launching a new terminal: ['/usr/bin/xterm', '/tmp/tmp55xrczob']
================================================================================
= Started at 2025-01-22T13:56:45                                               =
= sys.argv = [                                                                 =
=   '/home/pwntools/volume/script.py',                                         =
= ]                                                                            =
================================================================================
2025-01-22T13:56:45:INFO:pwnlib.tubes.process.process.140709030743632:Starting local process '/usr/bin/gdb' argv=[b'/usr/bin/gdb', b'--nx', b'-batch', b'-ex', b'python import rpyc; import gdb; gdb.execute("quit 123")'] 
2025-01-22T13:56:45:INFO:pwnlib.tubes.process.process.140709030743632:Starting local process '/usr/bin/gdb' argv=[b'/usr/bin/gdb', b'--nx', b'-batch', b'-ex', b'python import rpyc; import gdb; gdb.execute("quit 123")'] : pid 1038
2025-01-22T13:56:45:INFO:pwnlib.tubes.process.process.140709030743632:Process '/usr/bin/gdb' stopped with exit code 123 (pid 1038)
2025-01-22T13:56:45:ERROR:pwnlib.gdb:Failed to connect to GDB: Unix socket /tmp/tmpp03qzrjf/socket was never created
================================================================================
= Started at 2025-01-22T13:56:45                                               =
= sys.argv = [                                                                 =
=   '/home/pwntools/volume/script.py',                                         =
= ]                                                                            =
================================================================================
================================================================================
= Started at 2025-01-22T13:56:45                                               =
= sys.argv = [                                                                 =
=   '/home/pwntools/volume/script.py',                                         =
= ]                                                                            =
================================================================================
================================================================================
= Started at 2025-01-22T13:56:45                                               =
= sys.argv = [                                                                 =
=   '/home/pwntools/volume/script.py',                                         =
= ]                                                                            =
================================================================================
2025-01-22T13:56:45:INFO:pwnlib.tubes.process.process.140709030740944:Stopped process '/bin/ls' (pid 1035)

Verify on Ubuntu

My host is a Windows machine; however, this probably shouldn't matter, as the guest is the provided Ubuntu container.

My attempts at debugging this - Attempt 1

I tried adding a log file to the gdb instance itself, using -ex set logging enabled on -ex set logging file /home/pwntools/volume/gdb_log.txt;
however, said log file was not created. The pwntools log file shows:

os.execve('/usr/bin/gdb', ['/usr/bin/gdb', '-ex', 'set', 'logging', 'enabled', 'on', '-ex', 'set', 'logging', 'file', '/home/pwntools/volume/gdb_log.txt', '-q', '/bin/ls', '-x', '/tmp/pwnlib-gdbscript-7t8wsfvq.gdb'], os.environ)

2025-01-22T14:04:42:DEBUG:pwnlib.util.misc:Launching a new terminal: ['/usr/bin/xterm', '/tmp/tmpxjt57_oa']
================================================================================
= Started at 2025-01-22T14:04:52                                               =
= sys.argv = [                                                                 =
=   '/home/pwntools/volume/script.py',                                         =
= ]                                                                            =
================================================================================
2025-01-22T14:04:52:INFO:pwnlib.tubes.process.process.140021372817456:Starting local process '/usr/bin/gdb' argv=[b'/usr/bin/gdb', b'--nx', b'-batch', b'-ex', b'python import rpyc; import gdb; gdb.execute("quit 123")'] 
2025-01-22T14:04:52:INFO:pwnlib.tubes.process.process.140021372817456:Starting local process '/usr/bin/gdb' argv=[b'/usr/bin/gdb', b'--nx', b'-batch', b'-ex', b'python import rpyc; import gdb; gdb.execute("quit 123")'] : pid 1038
2025-01-22T14:04:53:INFO:pwnlib.tubes.process.process.140021372817456:Process '/usr/bin/gdb' stopped with exit code 123 (pid 1038)
2025-01-22T14:04:53:ERROR:pwnlib.gdb:Failed to connect to GDB: Unix socket /tmp/tmpui0v1vuv/socket was never created

So the -ex options were passed correctly, but the process itself isn't launching.

My attempts at debugging this - Attempt 2

Because I didn't want to get into the code, here I try to catch the contents of the /tmp/pwnlib-gdbscript-*.gdb script using a watchdog on the /tmp dir. These are the contents:

shell rm /tmp/pwnlib-gdbscript-_pupa5y5.gdb
python socket_path = '/tmp/tmp8e1s99d1/socket'
source /usr/local/lib/python3.10/dist-packages/pwnlib/gdb_api_bridge.py
target remote 127.0.0.1:46601

Let's try to run gdb_api_bridge.py ourselves and see the logs.

In a bash file:

gdb -q /bin/ls -x /home/pwntools/volume/test_script.gdb

test_script.gdb

python socket_path = '/tmp/socket'
source /usr/local/lib/python3.10/dist-packages/pwnlib/gdb_api_bridge.py
target remote 127.0.0.1:46601

Resulting in:

/home/pwntools/volume/test_script.gdb:3: Error in sourced command file:
127.0.0.1:46601: Connection timed out.

So it seems like gdb_api_bridge.py didn't error; we got to the target remote line. I didn't continue further from this point.
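Added example (not part of the issue and not pwntools code): gdb's -ex option takes exactly one argv element as its command, so the argv in the os.execve() line logged under Attempt 1 can be checked by pairing each option with the value it consumes. The helper names and the four-option table are assumptions of this sketch, which models only -ex, -iex, -x and -ix.

```python
# Simplified model of gdb's command-line parsing (assumption: only these
# four options are modelled; each consumes exactly ONE following element).
ONE_VALUE_OPTS = {"-ex", "-iex", "-x", "-ix"}

SCRIPT = "/tmp/pwnlib-gdbscript-7t8wsfvq.gdb"
LOG = "/home/pwntools/volume/gdb_log.txt"

# argv copied from the os.execve() line in the pwntools log (argv[0] omitted).
LOGGED_ARGV = ["-ex", "set", "logging", "enabled", "on",
               "-ex", "set", "logging", "file", LOG,
               "-q", "/bin/ls", "-x", SCRIPT]


def split_gdb_argv(argv):
    """Pair each option with its value; return (options, positionals)."""
    options, positionals = [], []
    it = iter(argv)
    for arg in it:
        if arg in ONE_VALUE_OPTS:
            options.append((arg, next(it, None)))  # value is the next element only
        elif arg.startswith("-"):
            options.append((arg, None))            # plain flag such as -q
        else:
            positionals.append(arg)                # treated as program/core/etc.
    return options, positionals


def ex_commands(argv):
    """Commands that -ex would actually hand to gdb."""
    return [value for opt, value in split_gdb_argv(argv)[0] if opt == "-ex"]


def with_ex(commands, rest):
    """Build an argv in which every full gdb command is a single element."""
    argv = []
    for command in commands:
        argv += ["-ex", command]
    return argv + rest


# The log file is named before logging is enabled, so logging starts in it.
FIXED_ARGV = with_ex(["set logging file " + LOG, "set logging enabled on"],
                     ["-q", "/bin/ls", "-x", SCRIPT])

if __name__ == "__main__":
    for name, argv in (("logged", LOGGED_ARGV), ("fixed", FIXED_ARGV)):
        print(name, "-ex commands:", ex_commands(argv))
        print(name, "positionals: ", split_gdb_argv(argv)[1])
```

With pwntools, the equivalent is to pass each command as one list element, for example gdb_args=['-ex', 'set logging file …', '-ex', 'set logging enabled on'].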

@peace-maker
Member

Maybe python is too smart and terminates itself right away after executing gdb.debug('/bin/ls', api=True). Try gdb.debug('/bin/ls', api=True).interactive() to keep the Python process alive.

@bary12
Author

bary12 commented Jan 22, 2025

> Maybe python is too smart and terminates itself right away after executing gdb.debug('/bin/ls', api=True). Try gdb.debug('/bin/ls', api=True).interactive() to keep the Python process alive.

This is just a minimal example; in the original script I tried to interact with the process through the API.

Anyway, I tried now with interactive; same error.

@bary12
Author

bary12 commented Jan 22, 2025

Edited the original description with the full stacktrace, as it was missing from the log file.
