0

I have several System.NullReferenceExceptions present in the dump file. Is there anyway to know which object is null and what is the call stack that caused this reference? Below is what I see in the dump file.

0:000> !DumpHeap -type NullReferenceException
         Address               MT     Size
000000008096da70 000007fcb5482048      160     
00000000809aee40 000007fcb5482048      160     
00000000809fb248 000007fcb5482048      160     
0000000080a55ce8 000007fcb5482048      160     
0000000080a93098 000007fcb5482048      160     
0000000080af1278 000007fcb5482048      160     
00000000817cf458 000007fcb5482048      160     
000000018044ec08 000007fcb5482048      160     
00000003806e75b8 000007fcb5482048      160     
000000038072bdc0 000007fcb5482048      160     
000000038077a7e8 000007fcb5482048      160     
00000003807e4920 000007fcb5482048      160     
0000000380828418 000007fcb5482048      160     
0000000380874f78 000007fcb5482048      160     

Statistics:
              MT    Count    TotalSize Class Name
000007fcb5482048       14         2240 System.NullReferenceException
Total 14 objects
Fragmented blocks larger than 0.5 MB:
            Addr     Size      Followed by
00000001805e75f0    1.1MB 000000018070d328 System.Threading.ThreadStart
0000000281047828    4.8MB 0000000281519cd0 System.Threading.ThreadStart
0000000281538100    4.9MB 0000000281a15730 System.Threading.ThreadStart

0:000> !do 000000008096da70 
Name:        System.NullReferenceException
MethodTable: 000007fcb5482048
EEClass:     000007fcb4e50f30
Size:        160(0xa0) bytes
File:        C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
Fields:
              MT    Field   Offset                 Type VT     Attr            Value Name
000007fcb5476508  4000002        8        System.String  0 instance 0000000000000000 _className
000007fcb547e880  4000003       10 ...ection.MethodBase  0 instance 0000000000000000 _exceptionMethod
000007fcb5476508  4000004       18        System.String  0 instance 0000000000000000 _exceptionMethodString
000007fcb5476508  4000005       20        System.String  0 instance 00000001801d4df8 _message
000007fcb547e238  4000006       28 ...tions.IDictionary  0 instance 0000000000000000 _data
000007fcb5476738  4000007       30     System.Exception  0 instance 0000000000000000 _innerException
000007fcb5476508  4000008       38        System.String  0 instance 0000000000000000 _helpURL
000007fcb5476ae8  4000009       40        System.Object  0 instance 000000008096dc00 _stackTrace
000007fcb5476ae8  400000a       48        System.Object  0 instance 0000000000000000 _watsonBuckets
000007fcb5476508  400000b       50        System.String  0 instance 0000000000000000 _stackTraceString
000007fcb5476508  400000c       58        System.String  0 instance 0000000000000000 _remoteStackTraceString
000007fcb54792b8  400000d       88         System.Int32  1 instance                0 _remoteStackIndex
000007fcb5476ae8  400000e       60        System.Object  0 instance 0000000000000000 _dynamicMethods
000007fcb54792b8  400000f       8c         System.Int32  1 instance      -2147467261 _HResult
000007fcb5476508  4000010       68        System.String  0 instance 0000000000000000 _source
000007fcb547a338  4000011       78        System.IntPtr  1 instance                0 _xptrs
000007fcb54792b8  4000012       90         System.Int32  1 instance       -532462766 _xcode
000007fcb542cdd8  4000013       80       System.UIntPtr  1 instance      7fc56d78df9 _ipForWatsonBuckets
000007fcb5499eb8  4000014       70 ...ializationManager  0 instance 000000008096dbc8 _safeSerializationManager
000007fcb5476ae8  4000001        0        System.Object  0   shared           static s_EDILock
                                 >> Domain:Value  0000000002b83fd0:NotInit  00000000281b5fd0:NotInit  0000000022890fd0:NotInit  000000002877efd0:NotInit  0000000021104fd0:NotInit  0000000025c65fd0:NotInit  000000002c4c5fd0:NotInit  000000002c6b8fd0:NotInit  000000002c644fd0:NotInit  000000002ce33fd0:NotInit  000000002cbccfd0:NotInit  <<
0:000> !do 00000001801d4df8 
Name:        System.String
MethodTable: 000007fcb5476508
EEClass:     000007fcb4d93750
Size:        132(0x84) bytes
File:        C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
String:      Object reference not set to an instance of an object.
Fields:
              MT    Field   Offset                 Type VT     Attr            Value Name
000007fcb54792b8  40000aa        8         System.Int32  1 instance               53 m_stringLength
000007fcb54777f0  40000ab        c          System.Char  1 instance               4f m_firstChar
000007fcb5476508  40000ac       18        System.String  0   shared           static Empty
                                 >> Domain:Value  0000000002b83fd0:NotInit  00000000281b5fd0:NotInit  0000000022890fd0:NotInit  000000002877efd0:NotInit  0000000021104fd0:NotInit  0000000025c65fd0:NotInit  000000002c4c5fd0:NotInit  000000002c6b8fd0:NotInit  000000002c644fd0:NotInit  000000002ce33fd0:NotInit  000000002cbccfd0:NotInit  <<
0:000> !GCRoot 000000008096da70 
Found 0 unique roots (run '!GCRoot -all' to see all roots).
crazy novice
  • 1,757
  • 3
  • 14
  • 36

1 Answers1

1

Your best bet is to look at the stack trace in the dump file, that should give you a hint as to where the code blew up with the Null reference exception.

To get the stack, using WinDbg and SOS, use the following command on your dump file:

!threads

This should display a list of threads. If you look to the right of each thread line, you might see the (System.NullReferenceException). You don't have to use this command, but it's handy just to prove that you're on the right track. The following is the really important command:

!pe

That means Print Exception. It should display the details of the NullReferenceException for you, including the stack trace, which is key. Hopefully there will be enough detail in the stack trace to help you locate approx where the code faulted.

EDIT:

Just because there is a Null reference exception in the heap, it does not mean that the exception has occurred. For example, do a search for System.OutOfMemoryException` and you will see one of those in your heap too.

Basically those objects are created on the heap in preparation for using them. The telling sign is this, in the output to !threads you did not see any Null reference exceptions listed, which means none has happened.

Jason Evans
  • 28,906
  • 14
  • 90
  • 154
  • !threads command does not have any System.NullReferenceExceptions. Also when I run ~* e !pe, it does not have any reference to null reference exceptions. The fact that !gcroot didn't list anything does it mean this is garbage collected? – crazy novice Aug 13 '14 at 14:47
  • Where did you get the address for that exception? `!do 000000008096da70 Name: System.NullReferenceException` How did you know it existed? – Jason Evans Aug 13 '14 at 14:52
  • I got it from output of !DumpHeap -type NullReferenceException. Added that part in my question also. – crazy novice Aug 13 '14 at 14:55
  • According to http://goo.gl/AY4QPi only three types of exceptions(ExecutionEngineException, StackOverflowException and OutOfMemoryException) are present by default in the .net heap. Doesn't that mean these are thrown at some point?? – crazy novice Aug 13 '14 at 20:54
  • 1
    OK, cheers for clearing that up. It's possible that a NullReferenceException was created, but not thrown. Reason I say that is, I find it odd that neither pe or !threads indicate that any NRE exception was thrown. Usually it would appear in the output of those commands. Where did you get the dump from? – Jason Evans Aug 14 '14 at 07:34
  • 1
    @PaulSnow You can pass an exception address to `!pe`. Do that for each NullReferenceException you found on the heap and see if any of them give you a call stack. For ex, `!pe 000000008096da70` – Marc Sherman Aug 14 '14 at 13:18
  • @Jason Dump is from production environment where this application is running with some undesired behaviour. – crazy novice Aug 22 '14 at 15:26