Need assistance understand a bugcheck callstack

Question

So, I have a Windows program that is behaving badly. The callstack at the time of the error is:

0: kd> kn
 # Child-SP RetAddr  Call Site
00 9a6c3548 815a6c20 nt!KiPollFreezeExecution+0x8
01 9a6c3558 815a6d24 nt!KeBugCheck2+0x61c
02 9a6c3820 8153955c nt!KeBugCheckEx+0x14
03 9a6c3838 8147b30c nt!MY_READ_REGISTER_UCHAR+0x4590
04 9a6c3898 8141de0e nt!KeClockInterruptNotify+0x300
05 9a6c3910 8147ed26 hal!HalSetRealTimeClock+0x367e
06 9a6c3930 814dcc76 nt!KiPlayInterrupt+0x5d6
07 9a6c39f0 8145f086 nt!KiProcessInterrupt+0x17e
08 9a6c3a40 814bbe18 nt!KiInterruptException+0x126
09 9a6c3be0 814acb3a nt!KeSweepIcache+0x40
0a 9a6c3bf8 814ae742 nt!KeSweepIcacheRange+0x6e
0b 9a6c3c08 8149173c nt!MiWaitForInPageComplete+0x206
0c 9a6c3c78 8147bdb8 nt!MiIssueHardFault+0x270
0d 9a6c3cc0 8145ed08 nt!MmAccessFault+0x634
0e 9a6c3d40 6edf9920 nt!KiCommonMemoryManagementAbort+0xcc
0f 0295f4c8 6edec79a MyDriver!Bar+0x8a0
10 0295f4c8 00000000 MyDriver!Foo+0xfea

In the beginning, this makes sense. I have a page fault and try to load the page.

09 9a6c3be0 814acb3a nt!KeSweepIcache+0x40
0a 9a6c3bf8 814ae742 nt!KeSweepIcacheRange+0x6e
0b 9a6c3c08 8149173c nt!MiWaitForInPageComplete+0x206
0c 9a6c3c78 8147bdb8 nt!MiIssueHardFault+0x270
0d 9a6c3cc0 8145ed08 nt!MmAccessFault+0x634
0e 9a6c3d40 6edf9920 nt!KiCommonMemoryManagementAbort+0xcc

But, then it gets in to some interrupt handling. What's going on here?

06 9a6c3930 814dcc76 nt!KiPlayInterrupt+0x5d6
07 9a6c39f0 8145f086 nt!KiProcessInterrupt+0x17e
08 9a6c3a40 814bbe18 nt!KiInterruptException+0x126

Next we mess with the RTC?! Why?

04 9a6c3898 8141de0e nt!KeClockInterruptNotify+0x300
05 9a6c3910 8147ed26 hal!HalSetRealTimeClock+0x367e

And a bugcheck in MY_READ_REGISTER_UCHAR+0x4590? That's way far away from this tiny little function.

01 9a6c3558 815a6d24 nt!KeBugCheck2+0x61c
02 9a6c3820 8153955c nt!KeBugCheckEx+0x14
03 9a6c3838 8147b30c nt!MY_READ_REGISTER_UCHAR+0x4590

0: kd> uf nt!MY_READ_REGISTER_UCHAR
nt!MY_READ_REGISTER_UCHAR:
81534fcc e92d4800 push        {r11,lr}
81534fd0 46eb     mov         r11,sp
81534fd2 f3bf8f4f dsb
81534fd6 7800     ldrb        r0,[r0]
81534fd8 e8bd8800 pop         {r11,pc}

Can anybody provide some insight in to what I'm seeing here?

Hypothesis: the same stack corruption that caused you to return to a nonsense address several KB beyond the nearest symbol and crash, also turns the backtrace to gibberish. — Notlikethat, Sep 30 '15 at 16:58
Maybe. But the stack makes sense after it leaves my driver and through the whole page fault code. You think the corruption is caused by the MSFT page fault code? — PaulH, Sep 30 '15 at 17:06
Some of the symbols are far off. Have you [set up symbols correctly](http://stackoverflow.com/questions/30019889/how-to-set-up-symbols-in-windbg) or did you apply [this kernel symbol fix](http://stackoverflow.com/a/32278853/480982), which corrupts the callstacks? — Thomas Weller, Sep 30 '15 at 17:14
@ThomasWeller - I didn't see any symbol load errors, but I think you must be correct. I will double check the symbols and update when I verify I have the correct ones. — PaulH, Sep 30 '15 at 17:31
@ThomasWeller - you were correct. I reloaded the nt and hal symbols and the stack made much more sense. — PaulH, Oct 02 '15 at 02:45
@PaulH: that's fine. If you like, you can delete the question or flag it as duplicate of [set up symbols correctly](http://stackoverflow.com/questions/30019889/how-to-set-up-symbols-in-windbg) — Thomas Weller, Oct 02 '15 at 16:55

Need assistance understand a bugcheck callstack

0 Answers0