HardenedBSD / secadm

HardenedBSD Security Administration
http://hardenedbsd.org/

Whitelist_mode return Fatal trap 9 #39

Open zloirus opened 6 years ago

zloirus commented 6 years ago

Good day. After loading secadm.rules with whitelist_mode, any attempt to call a command which is enabled in secadm.rules returns the error below. But if I try to run something which is not in the whitelist everything is fine, secadm just denies the command and the server keeps working. I tried installing secadm from source code and from pkg, and tested it on several PCs; everywhere the result is the same.

ERROR:

    Fatal trap 9: general protection fault while in kernel mode
    cpuid = 0; apic id = 00
    instruction pointer = 0x20:0xffffffff93f218f7
    stack pointer = 0x28:0xfffffe001a23af20
    frame pointer = 0x28:0xfffffe001a23b490
    code segment = base 0x0, limit 0xfffff, type 0x1b
    = DPL 0, pres 1, long 1, def32 0, gran 1
    processor eflags = interrupt enabled, resume, IOPL = 0
    current process = 38332 (csh)
    [ thread pid 38332 tid 100829 ]
    Stopped at secadm_vnode_check_exec+0x2c7: movq ll+0x7(%rax),%rsi

My secadm.rules

secadm {
        integriforce {
                path: "/bin/ls",
                hash: "ebcba2ce62c25e44afa6b27dd208f8f709737ac5",
                type: "sha1",
                mode: "hard"
        },
        integriforce {
                path: "/bin/csh",
                hash: "900e7726a1fd47368f78454e0e7bf709866446e6",
                type: "sha1",
                mode: "hard"
        },
        whitelist_mode: true
}

uname -a

    FreeBSD test 12.0-CURRENT FreeBSD 12.0-CURRENT #0 [DEVEL:HardenedBSD-CURRENT-amd64:1184]: Mon Apr 30 16:41:48 UTC 2018 root@nyi-01.build.hardenedbsd.org:/usr/obj/usr/src/amd64.amd64/sys/HARDENEDBSD amd64

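An added check, not part of secadm or of this issue: a script that reads integriforce entries in the shape of the rules above and reports whether each hash still matches the file on disk, which is worth running before loading rules with whitelist_mode and mode "hard". It assumes this exact file shape (it is not a full UCL parser) and binds its second rule to a constructed temp file so it runs on any host; the /bin/ls entry keeps the reporter's hash and will normally report a mismatch on a different build.

```python
import hashlib, os, re, tempfile
# Constructed rule set in the shape of the report's secadm.rules; TEMPFILE is bound by demo().
RULES = """
secadm {
        integriforce {
                path: "/bin/ls",
                hash: "ebcba2ce62c25e44afa6b27dd208f8f709737ac5",
                type: "sha1",
                mode: "hard"
        },
        integriforce {
                path: "TEMPFILE",
                hash: "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
                type: "sha1",
                mode: "hard"
        },
        whitelist_mode: true
}
"""
BLOCK_RE = re.compile(r'integriforce\s*\{(.*?)\}', re.S)
KV_RE = re.compile(r'(\w+)\s*:\s*"?([^",\s]+)"?')

def parse_rules(text):
    """Reader for this exact file shape only; it is not a full UCL parser."""
    rules = [dict(KV_RE.findall(m.group(1))) for m in BLOCK_RE.finditer(text)]
    wl = re.search(r'whitelist_mode\s*:\s*(true|false)', text)
    return rules, bool(wl and wl.group(1) == 'true')

def file_digest(path, algo):
    """Hash the whole file with the algorithm named in the rule's "type" field."""
    with open(path, 'rb') as f:
        return hashlib.new(algo, f.read()).hexdigest()

def check_rules(text):
    """Return (whitelist_mode, [(path, mode, status)]); status is ok, mismatch or missing."""
    rules, whitelist = parse_rules(text)
    out = []
    for r in rules:
        if not os.path.isfile(r['path']):
            status = 'missing'
        else:
            status = 'ok' if file_digest(r['path'], r['type']) == r['hash'].lower() else 'mismatch'
        out.append((r['path'], r['mode'], status))
    return whitelist, out

def demo():
    with tempfile.NamedTemporaryFile('wb') as f:
        f.write(b'test'); f.flush()  # constructed content; sha1("test") is the TEMPFILE rule's hash
        return check_rules(RULES.replace('TEMPFILE', f.name))
```

Any entry reported as mismatch or missing is one that a hard integriforce rule would refuse to execute, so resolve those before turning on whitelist_mode.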

lattera commented 6 years ago

FreeBSD revamped how locking in the kernel works under the hood. secadm currently abuses some of the old behaviors, which don't work well with the revamped locking code. I'm (slowly) working on a more simplistic rewrite of secadm that addresses this issue.