How can I view the complete call stack in windbg, to debug UNEXPECTED_KERNEL_MODE_TRAP?

Hello, I have a strange UNEXPECTED_KERNEL_MODE_TRAP bugcheck, with parameter 1 being 0x0004 (overflow error). This occurs when KiPageFault is being handled and there is not enough stack space. The call stack in windbg does not go further down than KiPageFault, so I am trying to display further call stack information to figure out where the issue originates from.

Overflow (4) is related to the INTO instruction. This doesn’t have anything to do with overflowing the stack. Stack overflows always show up as double faults (8).

In any case, there are lots of reasons why WinDbg might not be able to walk the stack. Can you post the k output?

@“Scott_Noone_(OSR)” said:
Overflow (4) is related to the INTO instruction. This doesn’t have anything to do with overflowing the stack. Stack overflows always show up as double faults (8).

In any case, there are lots of reasons why WinDbg might not be able to walk the stack. Can you post the k output?

Hello, thank you for the reply. Here is the k output:

6: kd> k
Child-SP RetAddr Call Site
00 ffff96052505dc68 fffff80033607a69 nt!KeBugCheckEx
01 ffff96052505dc70 fffff80033607e90 nt!KiBugCheckDispatch+0x69
02 ffff96052505ddb0 fffff80033606223 nt!KiFastFailDispatch+0xd0
03 ffff96052505df90 fffff800336918ed nt!KiRaiseSecurityCheckFailure+0x323
04 ffff96052505e120 fffff8003352bde1 nt!RtlpGetStackLimitsEx+0x165cdd
05 ffff96052505e150 fffff8003352ab86 nt!RtlDispatchException+0xe1
06 ffff96052505e370 fffff80033607bac nt!KiDispatchException+0x186
07 ffff96052505ea30 fffff80033603d43 nt!KiExceptionDispatch+0x12c
08 ffff96052505ec10 0000000000000000 nt!KiPageFault+0x443

That doesn’t look like an UNEXPECTED_KERNEL_MODE_TRAP (0x7F) crash, I’d expect this to be KERNEL_SECURITY_CHECK_FAILURE (0x139)?

Note that the return address is 0 and that’s why the debugger can’t walk the stack. Something is screwed up with the frame prior to KiPageFault. What’s the full !analyze -v output? Also, what does “.frame /c 9” show?

One other thing: What are you doing that’s leading to this crash?
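
Added example, not part of any post in this thread: a small Python helper that parses the `k` output posted above, reports the frame where the unwind stops (the zero return address noted in the last reply) and how much stack each frame consumed. The function names are hypothetical, and the kernel-address check assumes 48-bit canonical addresses.

```python
import re

# `k` output as posted in the thread above.
K_OUTPUT = """\
6: kd> k
Child-SP RetAddr Call Site
00 ffff96052505dc68 fffff80033607a69 nt!KeBugCheckEx
01 ffff96052505dc70 fffff80033607e90 nt!KiBugCheckDispatch+0x69
02 ffff96052505ddb0 fffff80033606223 nt!KiFastFailDispatch+0xd0
03 ffff96052505df90 fffff800336918ed nt!KiRaiseSecurityCheckFailure+0x323
04 ffff96052505e120 fffff8003352bde1 nt!RtlpGetStackLimitsEx+0x165cdd
05 ffff96052505e150 fffff8003352ab86 nt!RtlDispatchException+0xe1
06 ffff96052505e370 fffff80033607bac nt!KiDispatchException+0x186
07 ffff96052505ea30 fffff80033603d43 nt!KiExceptionDispatch+0x12c
08 ffff96052505ec10 0000000000000000 nt!KiPageFault+0x443
"""

# Addresses may appear with or without WinDbg's backtick separator.
ADDR = r"[0-9a-f]{8}`?[0-9a-f]{8}"
FRAME_RE = re.compile(rf"^([0-9a-f]{{2,}})\s+({ADDR})\s+({ADDR})\s+(\S.*)$", re.I)

def to_int(text):
    return int(text.replace("`", ""), 16)

def parse_k(text):
    """Return (frame_no, child_sp, ret_addr, call_site) for every frame line."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:  # prompt and header lines do not match and are skipped
            no, sp, ret, site = m.groups()
            frames.append((int(no, 16), to_int(sp), to_int(ret), site))
    return frames

def is_kernel_address(addr):
    # Assumption: 48-bit virtual addresses, so kernel pointers start with 0xffff.
    return addr >> 48 == 0xFFFF

def triage(frames):
    """Find where the unwind stopped and how much stack each frame used."""
    sizes = {cur[3]: nxt[1] - cur[1] for cur, nxt in zip(frames, frames[1:])}
    stopped = next(((no, site, ret) for no, _, ret, site in frames
                    if not is_kernel_address(ret)), None)
    return {
        "stopped_at": stopped,      # first frame whose RetAddr is not a kernel address
        "frame_sizes": sizes,       # bytes between consecutive Child-SP values
        "sp_monotonic": all(s > 0 for s in sizes.values()),
        "stack_used": frames[-1][1] - frames[0][1] if frames else 0,
    }
```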