Splunk Crashing with ExceptionCode: c0000005 (Acce...

dusitnd · ‎05-26-2020

I'm seeing Splunk Enterprise Version 8.0.2 Build a7f645ddaf91 running Windows Server 2019, build 17763.1217.
Individual search heads in a cluster crash with no log messages in Splunk or event logs aside from a .dmp file:

ntdll!RtlpWaitOnCriticalSection+0x87:
00007ff8`3c99df33 ff4124          inc     dword ptr [rcx+24h] ds:00000000`00000024=????????
Resetting default scope

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ff83c99df33 (ntdll!RtlpWaitOnCriticalSection+0x0000000000000087)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 0000000000000024
Attempt to write to address 0000000000000024

PROCESS_NAME:  splunkd.exe

WRITE_ADDRESS:  0000000000000024 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000001

EXCEPTION_PARAMETER2:  0000000000000024

Has anyone seen this issue before?

richgalloway · ‎05-26-2020

You should open a support case. They probably will tell you to install version 8.0.4, however.

---
If this reply helps you, Karma would be appreciated.

Splunk Crashing with ExceptionCode: c0000005 (Access violation)

indexer clustering

search head

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation