Bug ID 570058: [IPsec] tmm crash 'invalid racoon2 block header prefix' at informational_initiator_transmit_post_process

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP All(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:

Opened: Jan 26, 2016

Severity: 3-Major


During IPsec configuration changes, an IKEv2 message may fail to be sent to the peer, and the packet memory could be release twice that causes segmentation fault crash in TMM.


Traffic disrupted while tmm restarts.


IPsec configuration changes, and IKEv2 tries to send message to the disconnected remote peer.


The situation is rare, and mostly caused by rapid IPsec configuration changes to traffic-selectors or ipsec-policies. Pacing the configuration changes apart in time will help avoid the situation.

Fix Information

The double-release of the packet memory for the IKEv2 message has been fixed so that the rare sequence of IPsec configuration change does not cause TMM core.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips