Splunk Crashing with ExceptionCode: c0000005 (Acce...

dusitnd · ‎05-26-2020

I'm seeing Splunk Enterprise Version 8.0.2 Build a7f645ddaf91 running Windows Server 2019, build 17763.1217.
Individual search heads in a cluster crash with no log messages in Splunk or event logs aside from a .dmp file:

ntdll!RtlpWaitOnCriticalSection+0x87:
00007ff8`3c99df33 ff4124          inc     dword ptr [rcx+24h] ds:00000000`00000024=????????
Resetting default scope

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ff83c99df33 (ntdll!RtlpWaitOnCriticalSection+0x0000000000000087)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 0000000000000024
Attempt to write to address 0000000000000024

PROCESS_NAME:  splunkd.exe

WRITE_ADDRESS:  0000000000000024 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000001

EXCEPTION_PARAMETER2:  0000000000000024

Has anyone seen this issue before?

richgalloway · ‎05-26-2020

You should open a support case. They probably will tell you to install version 8.0.4, however.

---
If this reply helps you, Karma would be appreciated.

Splunk Crashing with ExceptionCode: c0000005 (Access violation)

indexer clustering

search head

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!