pfsense plus 25.07.1 upgrade to 25.11 crash report kea2unbound

NickD 0

Upgraded from 25.07.1 to 25.11 today with no apparent issues. However after logging into the web console I now receive these errors:

[18-Dec-2025 14:32:33 EST5EDT] PHP Fatal error:  Uncaught TypeError: substr(): Argument #1 ($string) must be of type string, false given in /usr/local/bin/kea2unbound:479
Stack trace:
#0 /usr/local/bin/kea2unbound(479): substr()
#1 /usr/local/bin/kea2unbound(489): kea2unbound\unbound_read_include_hash()
#2 /usr/local/bin/kea2unbound(738): kea2unbound\unbound_write_include()
#3 /usr/local/pfSense/include/vendor/symfony/console/Command/Command.php(279): kea2unbound\SyncCommand->execute()
#4 /usr/local/pfSense/include/vendor/symfony/console/Application.php(1076): Symfony\Component\Console\Command\Command->run()
#5 /usr/local/pfSense/include/vendor/symfony/console/Application.php(342): Symfony\Component\Console\Application->doRunCommand()
#6 /usr/local/pfSense/include/vendor/symfony/console/Application.php(193): Symfony\Component\Console\Application->doRun()
#7 /usr/local/bin/kea2unbound(796): Symfony\Component\Console\Application->run()
#8 {main}
  thrown in /usr/local/bin/kea2unbound on line 479

All services are healthy, Kea DHCPv4 and DHCPv6, and unbound are all running and seem to be operating with no issue. I'm not sure what is causing these errors though.

stephenw10

You are seeing the errors repeatedly? Not just at boot?

Are you able to resolve Kea leases in Unbound as expected?

Gertjan

@NickD-0

Not the same thing, as your error concerns another file, but have a look at this : kea2unbound crash report.

In short : this script file (program) "kea2unbound" want to access, didn't exist (anymore).
( in plain English you can see what happened at line 479 - it want to read the first line of the file, and it's 'gone' ).

From what I make of it : the file in question, /var/unbound/leases/leases4.conf exists "all the time".

This is where your error comes from :

The file name, in variable $unboundIncludeFile, exist, and is set to "/var/unbound/leases/leases4.conf".
The file really exists, so it was 'opened' for reading = 'r'.
The first line read in with fgets() ..... and that's where the issue is : this script adheres to "quick and dirty" way of doing things : the file had a zero byte size = empty = so fgets fails ....
The file should contain at least these 3 lines :

# 81c5309521d7f1f0
# Automatically generated! DO NOT EDIT!
# Last updated: 2025-12-19 07:59:41
.....

The fun part : It's "kea2unbound" who created /var/unbound/leases/leases4.conf in the first place.

So, what happened ?

Wild guess : the file was created, but during creation, kea2unbound failed 'some how'. The result is : an empty zero byte "/var/unbound/leases/leases4.conf".
kea2unbound restarted, wanted to check the first line, so it opens the file, and because the open was successful it reads hash line, but the file is empty so it failed as you've shown.

It could even be an 'out of disk space issue'.

redmine it ?

NickD 0

@stephenw10 Yes repeatedly, I just checked the log and it's showing the same PHP error every few minutes. I can resolve the auto-added kea leases with no issue.

NickD 0

@Gertjan I will take a good look at this when I return. I did see that function and the hash check but didn't have time to dig deeper into the actual file that's opened. I'll report back later on progress. I did check redmine but nothing similar has been reported yet. I wanted to post here prior to opening an issue, especially if it turns out to be "self-inflicted".

stephenw10

If you flush the existing dhcp lease table from the Status > DHCP Leases page do the errors continue. Possibly there's a corrupt entry there.

NickD 0

@stephenw10 Sorry we lost power for 12 hours yesterday, I wasn't able to respond. I tried flushing the leases. Same PHP errors but I noticed the unbound lease file for ipv6 exists but is empty. I'm going to try removing it and restarting services.

NickD 0

@stephenw10 I removed the empty leases6.conf then restarted unbound and kea. That seems to have resolved the original errors. The newly created leases6.conf has valid data in it now.

stephenw10

Hmm, so the file existed but was empty?

NickD 0

@stephenw10 Yes, leases6.conf existed in /var/unbound/leases/ at zero bytes.

NickD 0

@stephenw10 I've got another issue related to pfBlocker-NG as well (not related to missing VIPs though - I added those back manually). This other issue happens when pfb_filter service restarts. The pfblocker-ng error log shows these errors for known-valid clients on the LAN:

PFB_FILTER - 7 | Collect dynamic DHCP hostnames [ 12/20/25 11:36:36 ] Failed validation [ desktop-0mlm8mr. ]

I can resolve those hostnames with no error from the firewall and other clients on the LAN.

Maybe totally unrelated but maybe not?

stephenw10

Hmm, no I'm not familiar with that. I'd ask in the pfBlocker sub.

cmcdonald

I've pushed a few fixes for edge cases in kea2unbound. Should be improved in next release