kea2unbound crash report
-
I'm running 2.8.1CE and had a system crash today (below). There is nothing in DHCP or DNS system logs for the past month. I'm not doing DNS registration./dynamic DNS. This is a standalone system (no HA/failover) and was a clean build on 2.7.2 upgraded to 2.8.0 > 2.8.1. Current uptime 31 days, the crash appears to have flapped the WAN port and took the system offline for a few minutes.
Crash report begins. Anonymous machine information: amd64 15.0-CURRENT FreeBSD 15.0-CURRENT #21 RELENG_2_8_1-n256095-47c932dcc0e9: Thu Aug 28 16:27:48 UTC 2025 root@pfsense-build-release-amd64-1.eng.atx.netgate.com:/var/jenkins/workspace/pfSense-CE-snapshots-2_8_1-main/obj/amd64/AupY3aTL/var/jenkins/workspace/pfSense-CE- Crash report details: PHP Errors: [10-Dec-2025 15:33:34 America/Denver] PHP Fatal error: Uncaught TypeError: Cannot assign null to property kea2unbound\KeaConfig::$config of type array in /usr/local/bin/kea2unbound:103 Stack trace: #0 /usr/local/bin/kea2unbound(78): kea2unbound\KeaConfig->__construct() #1 /usr/local/bin/kea2unbound(901): kea2unbound\Singleton::getInstance() #2 /usr/local/pfSense/include/vendor/symfony/console/Command/Command.php(279): kea2unbound\SyncCommand->execute() #3 /usr/local/pfSense/include/vendor/symfony/console/Application.php(1076): Symfony\Component\Console\Command\Command->run() #4 /usr/local/pfSense/include/vendor/symfony/console/Application.php(342): Symfony\Component\Console\Application->doRunCommand() #5 /usr/local/pfSense/include/vendor/symfony/console/Application.php(193): Symfony\Component\Console\Application->doRun() #6 /usr/local/bin/kea2unbound(988): Symfony\Component\Console\Application->run() #7 {main} thrown in /usr/local/bin/kea2unbound on line 103 No FreeBSD crash data found. ``` -
According to :
/cf/conf/kea4_scripts.d/kea2unbound.sh.... /usr/local/bin/kea2unbound --kea-conf /usr/local/etc/kea/kea-dhcp4.conf --unbound-conf /var/unbound/unbound.conf --include-file /var/unbound/leases/leases4.conf sync --subnet-id 3 ...The errors shows that the --kea-conf options isn't set or invalid (null).
If you use kea (DHCPv4) this file : /usr/local/etc/kea/kea-dhcp4.conf should exist.
The error makes me think the kea DHCPv4 config file doesn't exist ?!
Does it - can you check ?Btw :
/usr/local/bin/kea2unbound
and the script that calls kea2unbound are simple script files.
They can do a lot, but crashing the system isn't within their power.If the system was really crashing, the error is just a side effect.
Also :
The kea (DHCPv4) config file : /usr/local/etc/kea/kea-dhcp4.conf always exist. But when you change the kea DHCPv4 server settings in the pfSense GUI, for a moment, the file could be 'not there' or have a zero bytes size, justb the time for it to be rewritten.
But : the script file "/cf/conf/kea4_scripts.d/kea2unbound.sh" and thus /usr/local/bin/kea2unbound is called by the kea DHCPv4 server, so it (kea) has to run at that moment.
And during GUI settings changes, kea is first stopped, the config file is rewritten, and then kea is restarted again.edit : sorry, info but no solution ...
-
@Gertjan thanks for the info.
while I lost connectivity due to the WAN flap, it wasn't noticeable by the users behind the firewall. I used the term 'crash' because that's what the large warning across the top of the GUI said when I regained access.
the kea config file does exist. No changes had been made to firewall config at all, it's been static for about a month. -
Thanks for the feedback / details.
The restart of an interface, for example when a new IP is assigned, something that can happen with a WAN interface, can (will) restart several services. kea (V4), afaik, doesn't need to be restarted. I'm not sure if it restarts if a WAN event happens.
If it does, then this will explain what happened; why you saw the "Crash report". Just before it happened, kea handled a DHCP lease request, and then it fires of tehse :
You see : "/usr/local/bin/kea_run4" ? Have a look - it's a shell script ;)
This scripts launches the script I already mentioned earlier : "/cf/conf/kea4_scripts.d/kea2unbound.sh"
and this one will launch yet another script : "/usr/local/bin/kea2unbound".
Now, image that right after the initial script launch from the "kea-dhcp4.conf" file, a WAN event happened, and keav4 is restarted. For a very small moment, the "kea-dhcp4.conf" won't exist - and you - your pfSense, managed to find that very small moment, and got a PHP error "crash" because it discovered that "kea-dhcp4.conf" was gone for an instant .....Be ware : the script file that discovers that "kea-dhcp4.conf" didn't exist, was triggered to execute by the very same file .... that didn't exist (for a very small moment) ^^ So it was there ... then it wasn't ... and shortly afterwards it will be there again for sure.
My theory would be possible if keav4 restarts during a WAN interface.
Keav6 (the IPv6 version) is more likely to restart as a new IPv6 prefix could have been assigned by the WAN change. A restart of keav6 is probably needed, and here we go again.
Long story short : keep this issue on a post-it somewhere, as it might be a very rare situation. You found it, and took the time to talk about it. That's good ^^ We'll see what the future brings.
Maybe : a future solution : if "/usr/local/etc/kea/kea-dhcp4.conf" doesn't, "sleep for 500 ms seconds and test again" will deal with it.
-
G Gertjan referenced this topic on
-
For reference:
https://redmine.pfsense.org/issues/16602 -
I installed the two patches :
These two from here https://redmine.pfsense.org/issues/16602
b803fd3b25861b8365a2150528fc29b43f625bf2
ff266a35fd4dafba90d60f94dd481aa7eda3301cCreate a new patch.
Copy past, fro example, b803fd3b25861b8365a2150528fc29b43f625bf2 into the "URL/Commit ID" field. I used the forum URL as the description.
Save.
Fetch.
Apply.And again for the second one.
Both applied well.