I've been having issues with Winlogbeat for a while now, but I figured I'd finally get someone to look at it. The last working version of Winlogbeat I've used that hasn't shown this issue is 7.17.3, but I wasn't able to identify anything in the code that has changed that might be the cause.
I don't know how in read the crash dump, but here is the header:
Exception 0xc0000005 0x1 0x0 0x7ff9e275e254
PC=0x7ff9e275e254
runtime.cgocall(0x73c240, 0xc00456eac0)
/usr/local/go/src/runtime/cgocall.go:157 +0x4a fp=0xc003de6dd0 sp=0xc003de6d98 pc=0x6d458a
syscall.SyscallN(0x23?, {0xc003de6e68?, 0x0?, 0xc00dfd3f50?})
/usr/local/go/src/runtime/syscall_windows.go:556 +0x109 fp=0xc003de6e48 sp=0xc003de6dd0 pc=0x737289
syscall.Syscall9(0xc00dfd3f50?, 0x1?, 0x1?, 0xc003de6f10?, 0x103058f?, 0x721ee9?, 0x2763240?, 0xc00e293538?, 0xc003de6f28?, 0x0, ...)
/usr/local/go/src/runtime/syscall_windows.go:506 +0x78 fp=0xc003de6ec0 sp=0xc003de6e48 pc=0x736f98
github.com/elastic/beats/v7/winlogbeat/sys/wineventlog._EvtFormatMessage(0xc00709cab0?, 0x23?, 0x0, 0x0, 0x0?, 0x1, 0x0, 0x1?, 0x1?)
/go/src/github.com/elastic/beats/winlogbeat/sys/wineventlog/zsyscall_windows.go:132 +0xe5 fp=0xc003de6f58 sp=0xc003de6ec0 pc=0x1044ca5
github.com/elastic/beats/v7/winlogbeat/sys/wineventlog.evtFormatMessage(0xc00709cab0?, 0x23?, 0x0?, {0x0?, 0x0, 0x1?}, 0x1?)
/go/src/github.com/elastic/beats/winlogbeat/sys/wineventlog/format_message.go:82 +0x9e fp=0xc003de7028 sp=0xc003de6f58 pc=0x103587e
github.com/elastic/beats/v7/winlogbeat/sys/wineventlog.getMessageString(0xc00709cab0?, 0x51e2?, 0x51e2?, {0x0?, 0x736e9b?, 0x100f9de34a970?})
/go/src/github.com/elastic/beats/winlogbeat/sys/wineventlog/format_message.go:58 +0x45 fp=0xc003de7070 sp=0xc003de7028 pc=0x1035725
github.com/elastic/beats/v7/winlogbeat/sys/wineventlog.getMessageStringFromHandle(...)
/go/src/github.com/elastic/beats/winlogbeat/sys/wineventlog/format_message.go:34
github.com/elastic/beats/v7/winlogbeat/sys/wineventlog.Message(0x51e2?, {0xc0090de000?, 0x2f2aa60?, 0xc0026224e0?}, 0xc003de7168)
/go/src/github.com/elastic/beats/winlogbeat/sys/wineventlog/wineventlog_windows.go:274 +0x12e fp=0xc003de7140 sp=0xc003de7070 pc=0x10433ee
github.com/elastic/beats/v7/winlogbeat/eventlog.newWinEventLog.func5(0xc000e19520?)
/go/src/github.com/elastic/beats/winlogbeat/eventlog/wineventlog.go:568 +0x55 fp=0xc003de7188 sp=0xc003de7140 pc=0x1cff035
github.com/elastic/beats/v7/winlogbeat/eventlog.(*winEventLog).Read(0xc000e19520)
/go/src/github.com/elastic/beats/winlogbeat/eventlog/wineventlog.go:333 +0x792 fp=0xc003de77e8 sp=0xc003de7188 pc=0x1cfcf92
github.com/elastic/beats/v7/winlogbeat/beater.(*eventLogger).run(0xc002a2ea20, 0xc000109b00, {0x2f36898?, 0xc000809e00}, {{0xc00020a5e8, 0x13}, 0x2ed07, {0x3245aac4, 0xedb640b2c, 0x0}, ...}, ...)
/go/src/github.com/elastic/beats/winlogbeat/beater/eventlogger.go:153 +0x9f2 fp=0xc003de7ed8 sp=0xc003de77e8 pc=0x1d038f2
github.com/elastic/beats/v7/winlogbeat/beater.(*Winlogbeat).processEventLog(0x75502e7476652029?, 0x2e72657375222874?, 0x642e746567726174?, {{0xc00020a5e8, 0x13}, 0x2ed07, {0x3245aac4, 0xedb640b2c, 0x0}, {0xc001d7d980, ...}}, ...)
/go/src/github.com/elastic/beats/winlogbeat/beater/winlogbeat.go:172 +0xb3 fp=0xc003de7f70 sp=0xc003de7ed8 pc=0x1d059f3
github.com/elastic/beats/v7/winlogbeat/beater.(*Winlogbeat).Run.func1()
/go/src/github.com/elastic/beats/winlogbeat/beater/winlogbeat.go:140 +0x55 fp=0xc003de7fe0 sp=0xc003de7f70 pc=0x1d05855
runtime.goexit()
/usr/local/go/src/runtime/asm_amd64.s:1571 +0x1 fp=0xc003de7fe8 sp=0xc003de7fe0 pc=0x73a981
created by github.com/elastic/beats/v7/winlogbeat/beater.(*Winlogbeat).Run
/go/src/github.com/elastic/beats/winlogbeat/beater/winlogbeat.go:140 +0x191
For now I'm going to continue to revert to 7.17.3, but would really like this solved.