Created attachment 122914 [details] After the crash. I am experiencing the following problem with LibreOffice Calc >= 5.1.x on Win7 (32 Bit, SP1): Calc crashes immediately when the SUM function is used. To reproduce the problem in my environment, it is enough to create a new, empty spreadsheet and just press the "SUM" button above the sheet. Alternatively, entering =SUM(..anything..) in a cell also leads to the crash. Both new, empty and existing spreadsheets are affected. Attached, please find a screenshot of the window popping up after the crash as well as of the version information window. Locale used is German. I was able to reproduce this problem in 5.1.0 and 5.1.1 RC1. It does not occur in the 5.0.5 version. I already tried deleting "%APPDATA%\LibreOffice", but it did not help. Calc is used with default settings.
Created attachment 122915 [details] Version information.
WinDbg analysis: 0:000> !analyze -v ******************************************************************************* * * * Exception Analysis * * * ******************************************************************************* *** WARNING: Unable to verify checksum for C:\Windows\system32\OpenCL.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\system32\OpenCL.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\LibreOffice 5\program\soffice.bin - FAULTING_IP: amdocl!tcmalloc::PageHeap::Check+12ac7 10ab4b77 8b01 mov eax,dword ptr [ecx] EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 10ab4b77 (amdocl!tcmalloc::PageHeap::Check+0x00012ac7) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000000 Parameter[1]: 00000000 Attempt to read from address 00000000 CONTEXT: 00000000 -- (.cxr 0x0;r) eax=00000000 ebx=00000000 ecx=00000000 edx=013acbc8 esi=0ba17b68 edi=0ba17860 eip=10ab4b77 esp=013ac584 ebp=013acc24 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202 amdocl!tcmalloc::PageHeap::Check+0x12ac7: 10ab4b77 8b01 mov eax,dword ptr [ecx] ds:0023:00000000=???????? FAULTING_THREAD: 00001038 PROCESS_NAME: soffice.bin OVERLAPPED_MODULE: Address regions for 'localedata_euro' and 'faultrep.dll' overlap ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden. EXCEPTION_PARAMETER1: 00000000 EXCEPTION_PARAMETER2: 00000000 READ_ADDRESS: 00000000 FOLLOWUP_IP: amdocl!tcmalloc::PageHeap::Check+12ac7 10ab4b77 8b01 mov eax,dword ptr [ecx] NTGLOBALFLAG: 0 APPLICATION_VERIFIER_FLAGS: 0 APP: soffice.bin ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) x86fre BUGCHECK_STR: APPLICATION_FAULT_NULL_POINTER_READ_BEFORE_CALL PRIMARY_PROBLEM_CLASS: NULL_POINTER_READ_BEFORE_CALL DEFAULT_BUCKET_ID: NULL_POINTER_READ_BEFORE_CALL LAST_CONTROL_TRANSFER: from 10aa32ec to 10ab4b77 STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. 013acc24 10aa32ec 0ba12020 0ba12018 00000000 amdocl!tcmalloc::PageHeap::Check+0x12ac7 013acc84 10aa3d9f 013accd0 0ba10f90 00000001 amdocl!tcmalloc::PageHeap::Check+0x123c 013accb8 10a9ae96 013acd00 0ba10f90 0b9a8738 amdocl!tcmalloc::PageHeap::Check+0x1cef 013ace18 10bf0b8e 00000000 0b9a878c 0b9a8888 amdocl!HsaAmdSetQueueDebugMode+0x38f36 013ad038 10bf19af 013ad064 00000000 00000000 amdocl!clRetainSampler+0x2462e 013ad05c 10bece2c 00000000 0b9a8418 00000000 amdocl!clRetainSampler+0x2544f 013ad09c 10bef345 00000000 75b9cef1 10bc2150 amdocl!clRetainSampler+0x208cc 013ad10c 10bec766 00000000 10bd784d 000000e0 amdocl!clRetainSampler+0x22de5 013ad134 10bc2161 013ad168 58fe10b1 00000000 amdocl!clRetainSampler+0x20206 013ad13c 58fe10b1 00000000 00000000 013ad160 amdocl!clIcdGetPlatformIDsKHR+0x11 013ad168 58fe3638 013ad17c 03de54e8 03cf762c OpenCL+0x10b1 013ad590 58fe305a 03de54e8 03cf762c 013ad5e8 OpenCL!clWaitForEvents+0x128 013ad5a0 559705a9 00000000 00000000 013ad5d8 OpenCL!clGetPlatformIDs+0xa 013ad5e8 55971489 2904c5fd 03de54e8 03cf762c opencllo!opencl::fillOpenCLInfo+0xa9 013ad668 0fcdfe87 03cf762c 00000001 00000000 opencllo!opencl::switchOpenCLDevice+0x39 013ad698 0fcdede7 03cf762c 00000001 00000000 sclo!sc::FormulaGroupInterpreter::switchOpenCLDevice+0x67 013ad6c0 0fe05bf3 00000000 10936a60 10936a8c sclo!sc::FormulaGroupInterpreter::getStatic+0x57 013ad6e8 50ceabe2 000000e0 2904c42b 03de54e8 sclo!ScTokenArray::CheckToken+0x83 013ad70c 0fe02b3e 042af000 013af11c 0c0000e0 forlo!formula::FormulaTokenArray::Add+0x52 013adf44 1030a67b 000000e0 2904e37a 03ef63a0 sclo!ScTokenArray::AddOpCode+0x2e 013af0c4 0ff52f4c 013af178 013af11c 03ec8200 sclo!ScViewFunc::GetAutoSumFormula+0xbb 013af188 52854cff 29fc1628 013af20c 03ec22a8 sclo!ScInputWindow::Select+0x19c 013af1bc 52858206 013af20c 00000000 29fc1660 mergedlo!ToolBox::ImplHandleMouseButtonUp+0x1df 013af1f4 5285ad95 013af20c 54af7300 03ec22a8 mergedlo!ToolBox::Tracking+0x66 013af238 528729d3 00000000 29fc14bc 00000004 mergedlo!vcl::Window::EndTracking+0x105 013af328 528734f9 03e2f638 00000002 00000000 mergedlo!ImplHandleMouseEvent+0xd33 013af35c 52873d08 03e2f638 013af420 29fc1454 mergedlo!ImplHandleSalMouseButtonUp+0x39 013af3c0 52b80bc8 00e2f638 03e2bda0 00000004 mergedlo!ImplWindowFrameProc+0x138 013af448 52b84174 00100586 00000202 00000000 mergedlo!ImplHandleMouseMsg+0x348 013af490 52b84720 00100586 00000202 00000000 mergedlo!SalFrameWndProc+0x774 013af4dc 75e9c4f7 00100586 00000202 00000000 mergedlo!SalFrameWndProcW+0x60 013af508 75e9c5f7 52b846c0 00100586 00000202 USER32!InternalCallWinProc+0x23 013af580 75e9cc30 00000000 52b846c0 00100586 USER32!UserCallWinProcCheckWow+0x14b 013af5e4 75e9cc88 52b846c0 00000000 013af608 USER32!DispatchMessageWorker+0x36d 013af5f4 52b4da39 013af620 00000000 75e964d7 USER32!DispatchMessageW+0xf 013af608 52b4db49 013af620 001f8f68 00000001 mergedlo!ImplSalDispatchMessage+0x29 013af63c 52b4d951 00000001 00000000 00993b54 mergedlo!ImplSalYield+0xb9 013af660 52ad0d56 00000001 00000000 00000000 mergedlo!WinSalInstance::DoYield+0xc1 013af684 52ace13b 29fc1120 00993b54 54ae0ba8 mergedlo!Application::Yield+0x56 013af6b4 51bd24fc 29fc1fa4 54af7360 001c2513 mergedlo!Application::Execute+0x13b 013af830 52ad5886 29fc1fcc 00000000 001c2513 mergedlo!desktop::Desktop::Main+0xd3c 013af858 52ad5c39 00536120 013af8d4 51bec599 mergedlo!ImplSVMain+0x46 013af864 51bec599 29fc1f40 001c2513 53d4c010 mergedlo!SVMain+0x29 013af8d4 0082101e 001c2513 008212b2 00820000 mergedlo!soffice_main+0x79 013af928 7622ef1c 7ffd4000 013af974 77153b53 soffice+0x101e 013af934 77153b53 7ffd4000 77167796 00000000 kernel32!BaseThreadInitThunk+0xe 013af974 77153b26 00821183 7ffd4000 00000000 ntdll!__RtlUserThreadStart+0x70 013af98c 00000000 00821183 7ffd4000 00000000 ntdll!_RtlUserThreadStart+0x1b STACK_COMMAND: .cxr 0x0 ; kb SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: amdocl!tcmalloc::PageHeap::Check+12ac7 FOLLOWUP_NAME: MachineOwner MODULE_NAME: amdocl IMAGE_NAME: amdocl.dll DEBUG_FLR_IMAGE_TIMESTAMP: 52a24325 FAILURE_BUCKET_ID: NULL_POINTER_READ_BEFORE_CALL_c0000005_amdocl.dll!tcmalloc::PageHeap::Check BUCKET_ID: APPLICATION_FAULT_NULL_POINTER_READ_BEFORE_CALL_amdocl!tcmalloc::PageHeap::Check+12ac7 ANALYSIS_SOURCE: UM FAILURE_ID_HASH_STRING: um:null_pointer_read_before_call_c0000005_amdocl.dll!tcmalloc::pageheap::check FAILURE_ID_HASH: {b7f9d1fd-6139-09b5-2df1-c0b10f922fdf} Followup: MachineOwner ---------
PS: Crash does not occur when OpenCL is disabled in LibreOffice options.
Since your bt shows OpenCL stuff, could you, for the test, disable OpenCL (Tools menu/Options/LibreOffice/OpenCL, disable both checkboxes + restart LO) and give a new try?
Hi Julien and thanks for your reply! Yes, indeed even disabling just the second OpenCL option (and restarting the program) results in Calc not crashing anymore when using the SUM function.
Thank you for your feedback. What's your GPU (brand, model) and CPU (brand, model)? Could you check if last drivers of your GPU are installed? If not, could you please update and give a new try with OpenCl enabled?
I guess black-listing the driver is the only approach. If you can get a build with symbols, running under 'drmemory.exe' may get us some interesting data - in case this is something in the core - but I suspect it's a driver bug. Also - the OpenGL driver information prolly helps us narrow down the CL version too (FWIW) then again just getting: cache/sc_opencl_device_profile.dat From the user-profile would be useful I think. Thanks !
*** Bug 98674 has been marked as a duplicate of this bug. ***
I have the same problem with LOo 5.1.2.2 (x64 French version) on Win 7 64 bits. I've just putted four number in some cells, and then entered the formula "=sum(A1:A4)", and Calc crashed. So I can confirm the bug.
Additionnal information : I've made the same test after disabling OpenCL. The sum function seems to work ok. So it's related to OpenCl. The previous version tested (LOo 5.0.2 worked fine even with OpenCL on). I hope it may help
(In reply to GUTH Christophe from comment #10) > Additionnal information : > > I've made the same test after disabling OpenCL. The sum function seems to > work ok. So it's related to OpenCl. > > The previous version tested (LOo 5.0.2 worked fine even with OpenCL on). > > I hope it may help Hello Guth, Please take a look at C:\Users\User_name\AppData\Roaming\LibreOffice\4\cache\sc_opencl_device_profile.dat Do you have this file on your PC? If yes, please attach it. Thanks
The OpenCL logs got more informative since then, please try with 5.0 beta2, and attach opencl_devices.log and opencl_profile.xml, which replaced the file mentioned by raal.
Oops, I meant 5.2 beta2.
This crash during early initialization will now take place on first-start and disable the driver. Then again - entering a single cell sum function is very unlikely to cause this problem - since CL should not be enabled for that I think. How large was your SUM area, were you filling a column with that or somesuch ? Anyhow - closing for now, since this should be disabled on start for bad drivers. Thanks for reporting :-)