Splunk Crashing with ExceptionCode: c0000005 (Access violation)

dusitnd
New Member

I'm seeing Splunk Enterprise Version 8.0.2 Build a7f645ddaf91 running on Windows Server 2019, build 17763.1217.
Individual search heads in a cluster crash with no log messages in Splunk or event logs aside from a .dmp file:

ntdll!RtlpWaitOnCriticalSection+0x87:
00007ff8`3c99df33 ff4124          inc     dword ptr [rcx+24h] ds:00000000`00000024=????????
Resetting default scope

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ff83c99df33 (ntdll!RtlpWaitOnCriticalSection+0x0000000000000087)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 0000000000000024
Attempt to write to address 0000000000000024

PROCESS_NAME:  splunkd.exe

WRITE_ADDRESS:  0000000000000024 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000001

EXCEPTION_PARAMETER2:  0000000000000024

Has anyone seen this issue before?

richgalloway
SplunkTrust

You should open a support case. They probably will tell you to install version 8.0.4, however.

---
If this reply helps you, Karma would be appreciated.