Unable to attach to Go programs

[nela]

I am trying to instrument a Go binary (Authelia), but the program fails to attach, failing to find the symbol.

The program

#include "vmlinux.h"
// #include <bpf/bpf_core_read.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>

char LICENSE[] SEC("license") = "Dual BSD/GPL";

SEC("uprobe//home/nela/authelia/authelia:github.com/authelia/authelia/v4/internal/handlers.verifyAuth")
int BPF_KPROBE(handle_auth) {

  bpf_printk("Triggered handle_auth\n");

  return 0;
}

Output

$ sudo ./auth
libbpf: loading object 'auth_bpf' from buffer
libbpf: elf: section(3) uprobe//home/nela/authelia/authelia:github.com/authelia/authelia/v4/internal/handlers.verifyAuth, size 48, link 0, flags 6, type=1
libbpf: sec 'uprobe//home/nela/authelia/authelia:github.com/authelia/authelia/v4/internal/handlers.verifyAuth': found program 'handle_auth' at insn offset 0 (0 bytes), code size 6 insns (48 bytes)
libbpf: elf: section(4) .reluprobe//home/nela/authelia/authelia:github.com/authelia/authelia/v4/internal/handlers.verifyAuth, size 16, link 12, flags 40, type=9
libbpf: elf: section(5) license, size 13, link 0, flags 3, type=1
libbpf: license of auth_bpf is Dual BSD/GPL
libbpf: elf: section(6) .rodata, size 23, link 0, flags 2, type=1
libbpf: elf: section(7) .BTF, size 965, link 0, flags 0, type=1
libbpf: elf: section(9) .BTF.ext, size 96, link 0, flags 0, type=1
libbpf: elf: section(12) .symtab, size 144, link 1, flags 0, type=2
libbpf: looking for externs among 6 symbols...
libbpf: collected 0 externs total
libbpf: map 'auth_bpf.rodata' (global data): at sec_idx 6, offset 0, flags 480.
libbpf: map 0 is "auth_bpf.rodata"
libbpf: sec '.reluprobe//home/nela/authelia/authelia:github.com/authelia/authelia/v4/internal/handlers.verifyAuth': collecting relocation for section(3) 'uprobe//home/nela/authelia/authelia:github.com/authelia/authelia/v4/internal/handlers.verifyAuth'
libbpf: sec '.reluprobe//home/nela/authelia/authelia:github.com/authelia/authelia/v4/internal/handlers.verifyAuth': relo #0: insn #0 against '.rodata'
libbpf: prog 'handle_auth': found data map 0 (auth_bpf.rodata, sec 6, off 0) for insn 0
libbpf: map 'auth_bpf.rodata': created successfully, fd=4
libbpf: elf: failed to find symbol 'github.com' in '/home/nela/authelia/authelia'
libbpf: prog 'handle_auth': failed to auto-attach: -2
Failed to attach BPF skeleton

ELF

$ readelf -s --wide ./authelia | rg verifyAuth
 32794: 00000000010a5d80  2263 FUNC    LOCAL  DEFAULT   16 github.com/authelia/authelia/v4/internal/handlers.verifyAuth

With bpftrace

$ sudo bpftrace -e 'uprobe:/home/nela/authelia/authelia:github.com/authelia/authelia/v4/internal/handlers.verifyAuth { printf("%s\n", probe); }'
Attaching 1 probe...
uprobe:/home/nela/authelia/authelia:github.com/authelia/authelia/v4/internal/handlers.verifyAuth

Not quite understanding why this fails.. Is there a better way to go about instrumenting go binaries?

[anakryiko]

libbpf has some assumption about ELF symbol being more or less valid C identifier, which Go clearly violates. We can improve that on libbpf side, but meanwhile try doing attachment programmatically using bpf_program__attach_uprobe_opts()