ASM bd daemon crash while processing request body (SIGSEGV) – anyone seen similar behavior?

Hello folks

I am currently investigating a recurring ASM bd daemon crash (SIGSEGV) on a BIG-IP system and would like to ask if anyone has seen something similar.

It looks like the crash occurs during dynamic parameter inspection or metacharacter validation in request body parameters.

Environment:

• BIG-IP version: started 16.1.6.1 I tried update to 17.1.3 -> now 17.1.3.1 b.006

• Traffic type: mobile application API traffic

• Requests contain JSON payloads in POST body

• Content-Type: application/json

• Some requests are also gzip encoded

Symptoms:

The bd process crashes intermittently under normal production traffic.

After the crash, the system generates a core dump for bd.

From initial analysis of the core file we can see that the crash happens while ASM is processing request parameters inside the request body.

Relevant strings found in the core dump include:

handle_dynamic_param_name_checks

VIOL_PARAMETER_VALUE_METACHAR

check_user_input_value

ALPHA_NUMERIC checks len

We also see that ASM is constructing a request logging record at the moment of the crash (internal #S... formatted record used by ASM logging).

Example snippet from memory:

#Sprotocol=HTTP

#Sresponse=Only illegal requests are logged

#Sroute_domain=0

#Ssession_id=...

#SHeaders=POST ...

This suggests the crash occurs while ASM is processing a request and preparing a security event/log record.