Regarding the addresses that fall outside all kernel modules:
lm a <address> does not return any valid kernel module, although the addresses are kernel-space addresses above 0x00007ffffffeffff uu address also doesn’t show symbols, only valid assembly.
Regarding the invalid addresses:
It also returns some weird invalid addresses between the valid ones like this one:
I’m confused! Is it exact or inexact and why? The CPU must return to somewhere in the end, it won’t just float around and execute at address 0x0.
Are there any studies or sources on why this is?
And is there a way to correct the stack back trace returned by RtlCaptureStackBackTrace?
Why does the documentation not mention any of that?
Could it be the debugger causing this?
Most software that gets released is compiled with optimizations enabled. Compiler optimizations is a large topic and something of a black art, but they are usually worth the extra obscurity in the resulting assembly because they can speed up some code as much as a hundred fold (your mileage will vary). One class of optimizations works by replacing the normal call & return sequences with jump instructions. Another class works by repurposing standard registers to hold other values. And another works by creative arrangements of the stack. There are many others, but any one of these techniques (or some combination) can make it hard to discover the true call stack. Not impossible since the CPU must be able to do it, but too hard for any standard function. The x64 calling conventions dramatically restrict some of these optimizations and make the stack back trace far more reliable than on some other platforms like x86.
of course a stack trace like this could also be the result of stack corruption
optimized code often does not correspond well to symbols. Usually some are present for valid sequences of code, but they often refer to nonsense lines of code because of optimizations