Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Ken_D_
Beginner
106 Views

Report a crash in IntelCameraPlugin64.dll on Microsoft Surface Pro 4

We have received multiple crashes from our customers since March 2016, all of the crashes were reported from Microsoft Surface Pro 4 with same pattern, as following:

ChildEBP RetAddr 
0b52f9e0 62d582e1 0x42d94a0
0b52fa1c 62d5cc30 SensorsApi!CSensorV2::DataCallback+0x1aa
0b52fa28 65eed409 SensorsApi!CSensorV2::s_DataCallback+0x10
0b52fabc 75743744 SensorsNativeApi_V2!NativeSensorCollectionNotifThread+0x389
0b52fad0 77a59e54 kernel32+0x13744
0b52fb18 77a59e1f ntdll+0x59e54
0b52fb28 00000000 ntdll+0x59e1f

 

We then purchased a Microsoft Surface Pro 4 and debugged into the deep details, it seems it's caused by our software loading the Intel AVStream 2500 camera, which then loading the camera plugin IntelCameraPlugin64.dll, which then creating thread and loading SensersApi. It's seems the sensorsAPI callback was not handled correctly, and crashed.

 

All of the crashes we received use the same version of IntelCameraPlugin64.dll, which is 1.0.0.1. Hopefully Intel can soon release a driver update to fix this problem.

 

==========================================

Here are the call statcks. Thread #30 is main thread, which loads IntelCameraPlugin64.dll, which then creates thread #42. Thread # 42 is a background thread which loads SensorsApi.

 

 30  Id: 1a4c.1a6c Suspend: 1 Teb: 00387000 Unfrozen

 # ChildEBP RetAddr  

00 0018c380 75e8a4fa ntdll!NtWaitForMultipleObjects+0xc

01 0018c514 73c4c47b KERNELBASE!WaitForMultipleObjectsEx+0x10a

02 0018c57c 75c598ac USER32!MsgWaitForMultipleObjectsEx+0x17b

03 0018c5b4 75c58e36 combase!CCliModalLoop::BlockFn(void ** ahEvent = 0x0018c5d4, unsigned long cEvents = 1, unsigned long * lpdwSignaled = 0x0018c5ec)+0x11c

04 0018c5f8 75c58d68 combase!ModalLoop(class CSyncClientCall * pClientCall = 0x0b55b770)+0xa7

05 0018c614 75c8054e combase!ClassicSTAThreadDispatchCrossApartmentCall(struct tagRPCOLEMESSAGE * pMessage = 0x0018c8b0, class OXIDEntry * pOXIDEntry = 0x007a18d8, class CSyncClientCall * pClientCall = 0x0b55b770)+0x48

06 (Inline) -------- combase!CSyncClientCall::SwitchAptAndDispatchCall+0x11f

07 0018c730 75c7fbc2 combase!CSyncClientCall::SendReceive2(struct tagRPCOLEMESSAGE * pMessage = 0x0018c8b0, unsigned long * pstatus = 0x0018c878)+0x34e

08 (Inline) -------- combase!SyncClientCallRetryContext::SendReceiveWithRetry+0x2f

09 (Inline) -------- combase!CSyncClientCall::SendReceiveInRetryContext+0x2f

0a (Inline) -------- combase!ClassicSTAThreadSendReceive+0x24a

0b 0018c854 75c1bd8b combase!CSyncClientCall::SendReceive(struct tagRPCOLEMESSAGE * pMessage = 0x0018c8b0, unsigned long * pulStatus = 0x0018c878)+0x362

0c (Inline) -------- combase!CClientChannel::SendReceive+0xbb

0d 0018c880 76129799 combase!NdrExtpProxySendReceive(void * pThis = 0x0b55b9dc, struct _MIDL_STUB_MESSAGE * pStubMsg = 0x0018c8dc)+0x11b

0e 0018c898 761036fe RPCRT4!NdrpProxySendReceive+0x29

0f 0018cccc 75c1c914 RPCRT4!NdrClientCall2+0x39e

10 0018ccec 75cf528f combase!ObjectStublessClient(void * ParamAddress = 0x0018cd04, long Method = 0n4)+0x74

11 0018ccfc 75cbc4c1 combase!ObjectStubless(void)+0xf

12 0018cd2c 75cbc250 combase!CProcessActivator::CCICallback(unsigned long dwContext = 1, struct IUnknown * pUnkOuter = 0x00000000, class ActivationPropertiesIn * pActIn = 0x0018d0d0, struct IActivationPropertiesIn * pInActProperties = 0x0018d2a4, struct IActivationPropertiesOut ** ppOutActProperties = 0x0018d948)+0xa1

13 0018cd50 75cbc2e7 combase!CProcessActivator::AttemptActivation(class ActivationPropertiesIn * pActIn = 0x0018d0d0, struct IUnknown * pUnkOuter = 0x00000000, struct IActivationPropertiesIn * pInActProperties = 0x0018d2a4, struct IActivationPropertiesOut ** ppOutActProperties = 0x0018d948, <function> * pfnCtxActCallback = 0x75cfedd0, unsigned long dwContext = 1)+0x40

14 0018cd90 75cbc777 combase!CProcessActivator::ActivateByContext(class ActivationPropertiesIn * pActIn = 0x0018d0d0, struct IUnknown * pUnkOuter = 0x00000000, struct IActivationPropertiesIn * pInActProperties = 0x0018d2a4, struct IActivationPropertiesOut ** ppOutActProperties = 0x0018d948, <function> * pfnCtxActCallback = 0x75cfedd0)+0x77

15 0018cdc0 75cb62da combase!CProcessActivator::CreateInstance(struct IUnknown * pUnkOuter = 0x00000000, struct IActivationPropertiesIn * pInActProperties = 0x0018d2a4, struct IActivationPropertiesOut ** ppOutActProperties = 0x0018d948)+0x67

16 0018ce0c 75cb929d combase!ActivationPropertiesIn::DelegateCreateInstance(struct IUnknown * pUnkOuter = 0x00000000, struct IActivationPropertiesOut ** ppActPropsOut = 0x0018d948)+0xba

17 0018d070 75cb62ba combase!CClientContextActivator::CreateInstance(struct IUnknown * pUnkOuter = 0x00000000, struct IActivationPropertiesIn * pInActProperties = 0x0018d2a4, struct IActivationPropertiesOut ** ppOutActProperties = 0x0018d948)+0xfd

18 0018d0bc 75c91186 combase!ActivationPropertiesIn::DelegateCreateInstance(struct IUnknown * pUnkOuter = 0x00000000, struct IActivationPropertiesOut ** ppActPropsOut = 0x0018d948)+0x9a

19 0018da40 75c903f9 combase!ICoCreateInstanceEx(struct _GUID * OriginalClsid = <Value unavailable error>, struct IUnknown * punkOuter = 0x00000000, unsigned long dwClsCtx = 1, struct _COSERVERINFO * pServerInfo = 0x00000000, unsigned long dwCount = 1, unsigned long dwActvFlags = 0, struct tagMULTI_QI * pResults = 0x0018dab0, class ActivationPropertiesIn * pActIn = 0x0018d0d0)+0xc46

1a 0018da8c 75c9026a combase!CComActivator::DoCreateInstance(struct _GUID * Clsid = 0x6627e9c0 {77A1C827-FCD2-4689-8915-9D613CC5FA3E}, struct IUnknown * punkOuter = 0x00000000, unsigned long dwClsCtx = 1, struct _COSERVERINFO * pServerInfo = 0x00000000, unsigned long dwCount = 1, struct tagMULTI_QI * pResults = 0x0018dab0, class ActivationPropertiesIn * pActIn = 0x00000000)+0x149

1b (Inline) -------- combase!CoCreateInstanceEx+0x105

1c 0018dac4 6619ef22 combase!CoCreateInstance(struct _GUID * rclsid = 0x6627e9c0 {77A1C827-FCD2-4689-8915-9D613CC5FA3E}, struct IUnknown * pUnkOuter = 0x00000000, unsigned long dwContext = 1, struct _GUID * riid = 0x662847f4 {BD77DB67-45A8-42DC-8D00-6DCF15F8377A}, void ** ppv = 0x0b557868)+0x13a

WARNING: Stack unwind information not available. Following frames may be wrong.

1d 0018db10 6615d1e4 IntelCameraPlugin!DllInstall+0x174d2

1e 0018db48 66167a24 IntelCameraPlugin!SkyCamAIC::GetAICVersion+0x1d94

1f 0018db90 6617ccef IntelCameraPlugin!SkyCamAIC::GetAICVersion+0xc5d4

20 0018de60 6617c9ab IntelCameraPlugin!SkyCamAIC::GetAICVersion+0x2189f

21 0018dea0 6618ad5d IntelCameraPlugin!SkyCamAIC::GetAICVersion+0x2155b

22 0018ded8 6618b1e5 IntelCameraPlugin!DllInstall+0x330d

23 0018df08 6618b0f4 IntelCameraPlugin!DllInstall+0x3795

24 0018df14 66157dbb IntelCameraPlugin!DllInstall+0x36a4

25 0018df28 75cbd490 IntelCameraPlugin!ia_me_corner_init+0x543b

26 0018dfa8 75cb62b3 combase!CServerContextActivator::CreateInstance(struct IUnknown * pUnkOuter = 0x0534f414, struct IActivationPropertiesIn * pInActProperties = 0x0018e5f4, struct IActivationPropertiesOut ** ppOutActProperties = 0x0018ec98)+0x1a0

27 0018dff4 75cbbf92 combase!ActivationPropertiesIn::DelegateCreateInstance(struct IUnknown * pUnkOuter = 0x0534f414, struct IActivationPropertiesOut ** ppActPropsOut = 0x0018ec98)+0x93

28 0018e04c 75cbc485 combase!CApartmentActivator::CreateInstance(struct IUnknown * pUnkOuter = 0x0534f414, struct IActivationPropertiesIn * pInActProperties = 0x0018e5f4, struct IActivationPropertiesOut ** ppOutActProperties = 0x0018ec98)+0xa2

29 0018e07c 75cbc250 combase!CProcessActivator::CCICallback(unsigned long dwContext = 1, struct IUnknown * pUnkOuter = 0x0534f414, class ActivationPropertiesIn * pActIn = 0x0018e420, struct IActivationPropertiesIn * pInActProperties = 0x0018e5f4, struct IActivationPropertiesOut ** ppOutActProperties = 0x0018ec98)+0x65

2a 0018e0a0 75cbc2e7 combase!CProcessActivator::AttemptActivation(class ActivationPropertiesIn * pActIn = 0x0018e420, struct IUnknown * pUnkOuter = 0x0534f414, struct IActivationPropertiesIn * pInActProperties = 0x0018e5f4, struct IActivationPropertiesOut ** ppOutActProperties = 0x0018ec98, <function> * pfnCtxActCallback = 0x75cfedd0, unsigned long dwContext = 1)+0x40

2b 0018e0e0 75cbc777 combase!CProcessActivator::ActivateByContext(class ActivationPropertiesIn * pActIn = 0x0018e420, struct IUnknown * pUnkOuter = 0x0534f414, struct IActivationPropertiesIn * pInActProperties = 0x0018e5f4, struct IActivationPropertiesOut ** ppOutActProperties = 0x0018ec98, <function> * pfnCtxActCallback = 0x75cfedd0)+0x77

2c 0018e110 75cb62da combase!CProcessActivator::CreateInstance(struct IUnknown * pUnkOuter = 0x0534f414, struct IActivationPropertiesIn * pInActProperties = 0x0018e5f4, struct IActivationPropertiesOut ** ppOutActProperties = 0x0018ec98)+0x67

2d 0018e15c 75cb929d combase!ActivationPropertiesIn::DelegateCreateInstance(struct IUnknown * pUnkOuter = 0x0534f414, struct IActivationPropertiesOut ** ppActPropsOut = 0x0018ec98)+0xba

2e 0018e3c0 75cb62ba combase!CClientContextActivator::CreateInstance(struct IUnknown * pUnkOuter = 0x0534f414, struct IActivationPropertiesIn * pInActProperties = 0x0018e5f4, struct IActivationPropertiesOut ** ppOutActProperties = 0x0018ec98)+0xfd

2f 0018e40c 75c91186 combase!ActivationPropertiesIn::DelegateCreateInstance(struct IUnknown * pUnkOuter = 0x0534f414, struct IActivationPropertiesOut ** ppActPropsOut = 0x0018ec98)+0x9a

30 0018ed90 75c903f9 combase!ICoCreateInstanceEx(struct _GUID * OriginalClsid = <Value unavailable error>, struct IUnknown * punkOuter = 0x0534f414, unsigned long dwClsCtx = 0x401, struct _COSERVERINFO * pServerInfo = 0x00000000, unsigned long dwCount = 1, unsigned long dwActvFlags = 0, struct tagMULTI_QI * pResults = 0x0018edfc, class ActivationPropertiesIn * pActIn = 0x0018e420)+0xc46

31 0018edd8 75c9026a combase!CComActivator::DoCreateInstance(struct _GUID * Clsid = 0x053517d0 {FEB9695C-C7DF-4D40-8019-00FA047288FF}, struct IUnknown * punkOuter = 0x0534f414, unsigned long dwClsCtx = 0x401, struct _COSERVERINFO * pServerInfo = 0x00000000, unsigned long dwCount = 1, struct tagMULTI_QI * pResults = 0x0018edfc, class ActivationPropertiesIn * pActIn = 0x00000000)+0x149

32 (Inline) -------- combase!CoCreateInstanceEx+0x105

33 0018ee10 66a5d1ad combase!CoCreateInstance(struct _GUID * rclsid = 0x053517d0 {FEB9695C-C7DF-4D40-8019-00FA047288FF}, struct IUnknown * pUnkOuter = 0x0534f414, unsigned long dwContext = 0x401, struct _GUID * riid = 0x66a41df0 {00000000-0000-0000-C000-000000000046}, void ** ppv = 0x053517e0)+0x13a

34 0018ee40 66a5d859 ksproxy!AddAggregateObject+0xb1

35 0018eee8 66a4a58d ksproxy!AggregateSets+0x1ba

36 0018ef6c 69276986 ksproxy!CKsProxy::Load+0x3cd

37 0018f018 69def5ac devenum!CDeviceMoniker::BindToObject+0x216

38 ...... ignored

# 42  Id: 1a4c.1688 Suspend: 1 Teb: 003a8000 Unfrozen

 # ChildEBP RetAddr  

00 0bf1e3f0 76f117f9 ntdll!NtMapViewOfSection+0xc

01 0bf1e450 76f113a6 ntdll!LdrpMapViewOfSection+0x76

02 0bf1e4a0 76f112d3 ntdll!LdrpMapImage+0x40

03 0bf1e4c0 76f12ad2 ntdll!LdrpMapDllWithSectionHandle+0x20

04 0bf1e518 76f3450f ntdll!LdrpMapDllNtFileName+0xde

05 0bf1e64c 76f11bed ntdll!LdrpMapDllFullPath+0x9a

06 0bf1e698 76f2e2f9 ntdll!LdrpProcessWork+0xf1

07 0bf1e6e0 76f2adfe ntdll!LdrpLoadDllInternal+0xdb

08 0bf1e82c 76f2e739 ntdll!LdrpLoadDll+0x92

09 0bf1e8b0 75e7e9e8 ntdll!LdrLoadDll+0xd9

0a 0bf1e8f4 75cbdcf5 KERNELBASE!LoadLibraryExW+0x138

0b 0bf1e918 75cbdc2d combase!LoadLibraryWithLogging(wchar_t * pwszFileName = 0x0bf1e9a0 "C:\windows\System32\SensorsApi.dll", unsigned long dwFlags = 0x2008, struct HINSTANCE__ ** phMod = 0x0bf1e970)+0x1b

0c 0bf1e93c 75cbd9ce combase!CClassCache::CDllPathEntry::LoadDll(struct DLL_INSTANTIATION_PROPERTIES * dip = 0x0bf1e9a0, <function> ** pfnGetClassObject = 0x0bf1e964, <function> ** pfnGetActivationFactory = 0x0bf1e96c, <function> ** pfnDllCanUnload = 0x0bf1e968, struct HINSTANCE__ ** hDll = 0x0bf1e970)+0xc3

0d 0bf1e97c 75cbcf55 combase!CClassCache::CDllPathEntry::Create(struct DLL_INSTANTIATION_PROPERTIES * dip = 0x0bf1e9a0, bool makeValidInCurrentApartment = false, class CClassCache::CDllPathEntry ** pDPE = 0x0bf1e99c)+0x3c

0e 0bf1ebcc 75c9295b combase!CClassCache::CClassEntry::CreateDllClassEntry(unsigned long dwContext = 1, struct ACTIVATION_PROPERTIES * ap = 0x0bf1ef44, class CClassCache::CDllClassEntry ** pDCE = 0x0bf1ec34)+0xeb

0f 0bf1eefc 75cbd87a combase!CClassCache::GetClassObjectActivator(unsigned long dwContext = 1, struct ACTIVATION_PROPERTIES * ap = 0x0bf1ef44, class CClassCache::IMiniMoniker ** ppIM = 0x0bf1ef24)+0x85b

10 0bf1ef30 75cbd41c combase!CClassCache::GetClassObject(struct ACTIVATION_PROPERTIES * ap = 0x0bf1ef44)+0x30

11 (Inline) -------- combase!CCGetClassObject+0x4c

12 0bf1efa0 75cb62b3 combase!CServerContextActivator::CreateInstance(struct IUnknown * pUnkOuter = 0x00000000, struct IActivationPropertiesIn * pInActProperties = 0x0018d2a4, struct IActivationPropertiesOut ** ppOutActProperties = 0x0b55da80)+0x12c

13 0bf1efec 75cbbf92 combase!ActivationPropertiesIn::DelegateCreateInstance(struct IUnknown * pUnkOuter = 0x00000000, struct IActivationPropertiesOut ** ppActPropsOut = 0x0b55da80)+0x93

14 0bf1f044 761379ac combase!CApartmentActivator::CreateInstance(struct IUnknown * pUnkOuter = 0x00000000, struct IActivationPropertiesIn * pInActProperties = 0x0018d2a4, struct IActivationPropertiesOut ** ppOutActProperties = 0x0b55da80)+0xa2

15 0bf1f068 76103dc4 RPCRT4!Invoke+0x34

16 0bf1f4a8 75c1c359 RPCRT4!NdrStubCall2+0x3c4

17 0bf1f4f4 75c76906 combase!CStdStubBuffer_Invoke(struct IRpcStubBuffer * This = 0x0b55d428, struct tagRPCOLEMESSAGE * prpcmsg = 0x0b55b864, struct IRpcChannelBuffer * pRpcChannelBuffer = 0x007a2044)+0x99

18 (Inline) -------- combase!InvokeStubWithExceptionPolicyAndTracing::__l7::<lambda_adf5d6ba83bff890864fd80ca2bbf1eb>::operator()+0x1c

19 0bf1f548 75c78ae7 combase!ObjectMethodExceptionHandlingAction<<lambda_adf5d6ba83bff890864fd80ca2bbf1eb> >(class InvokeStubWithExceptionPolicyAndTracing::__l7::<lambda_adf5d6ba83bff890864fd80ca2bbf1eb> action = class InvokeStubWithExceptionPolicyAndTracing::__l7::<lambda_adf5d6ba83bff890864fd80ca2bbf1eb>, struct ObjectMethodExceptionHandlingInfo * pExceptionHandlingInfo = 0x0bf1f5b8, struct ExceptionHandlingResult * pExceptionHandlingResult = 0x0bf1f57c)+0x76

1a (Inline) -------- combase!InvokeStubWithExceptionPolicyAndTracing+0x8e

1b 0bf1f66c 75c7dd91 combase!DefaultStubInvoke(bool bIsAsyncBeginMethod = false, struct IServerCall * pServerCall = 0x0b55d92c, struct IRpcChannelBuffer * pChannel = 0x007a2044, struct IRpcStubBuffer * pStub = 0x0b55d428, unsigned long * pdwFault = 0x0bf1f7f8)+0x207

1c (Inline) -------- combase!SyncStubCall::Invoke+0x22

1d (Inline) -------- combase!SyncServerCall::StubInvoke+0x22

1e (Inline) -------- combase!StubInvoke+0x1d7

1f 0bf1f7ac 75c81e21 combase!ServerCall::ContextInvoke(struct tagRPCOLEMESSAGE * pMessage = 0x0b55b864, struct IRpcStubBuffer * pStub = 0x0b55d428, class CServerChannel * pChannel = 0x007a2044, struct tagIPIDEntry * pIPIDEntry = 0x007a3d00, unsigned long * pdwFault = 0x0bf1f7f8)+0x381

20 (Inline) -------- combase!CServerChannel::ContextInvoke+0x8d

21 (Inline) -------- combase!DefaultInvokeInApartment+0xa5

22 0bf1f8a4 75c7ae45 combase!AppInvoke(class ServerCall * pServerCall = 0x0b55d918, class CServerChannel * pChannel = 0x007a2044, struct IRpcStubBuffer * pStub = 0x0b55d428, void * pv = 0x75d985e8, void * pStubBuffer = 0x0b55d9f8, struct tagIPIDEntry * pIPIDEntry = 0x007a3d00, union WireLocalThis * pLocalb = 0x0b55d9b8)+0x981

23 0bf1fc5c 75c5e363 combase!ComInvokeWithLockAndIPID(class ServerCall * pServerCall = 0x0b55d918, struct tagIPIDEntry * pIPIDEntry = 0x007a3d00, bool * pbCallerResponsibleForRequestMessageCleanup = 0x0bf1fccb)+0x625

24 0bf1fcb0 75c5e1d1 combase!ComInvoke(class ServerCall * pServerCall = 0x0b55d918, bool * pbCallerResponsibleForRequestMessageCleanup = 0x0bf1fccb)+0x124

25 0bf1fcd0 75c5e0fc combase!ThreadDispatch(class ServerCall * pServerCall = 0x0b55d918)+0xa2

26 0bf1fce4 75c5b8fd combase!ThreadDispatchThreadProc(void * param = 0x0b55d918)+0x1c

27 0bf1fd14 75ce760f combase!CRpcThread::WorkerLoop(void)+0x3e

28 0bf1fd24 76e138f4 combase!CRpcThreadCache::RpcWorkerThreadEntry(void * param = 0x0b559e88)+0x1f

29 0bf1fd38 76f45de3 KERNEL32!BaseThreadInitThunk+0x24

2a 0bf1fd80 76f45dae ntdll!__RtlUserThreadStart+0x2f

2b 0bf1fd90 00000000 ntdll!_RtlUserThreadStart+0x1b

0 Kudos
1 Reply
Ken_D_
Beginner
106 Views

merged to post 1.

0 Kudos