I mean, anything can show up on a stack. It all depends what the context of the stack is.
If your context is a trapframe regarding an exception from a bug check caused by an avast! kernel firewall driver, you're going to probably see some network functions in the stack among other things (whatever it's doing at the time), and avast's! stuff. A lot of kernel network functions (NETIO, etc) are documented publicly by Microsoft, but you'll come to find a lot of undocumented kernel and user-mode functions. There are many user undocumented functions that you may see in your analysis over time, like NtRaiseHardError.
For example, this is a user-mode bug check function (sort of) from ntdll, which will throw a blue screen if its ResponseOption parameter = OptionShutdownSystem so long as the SeRemoteShutdownPrivilege constant is enabled and met regarding the application. You can't just call that function from user-mode directly with an application, so you have to instead develop a kernel-mode driver that will expose NtRaiseHardError, and then inevitably call that from user-mode.
How do you come to find these things? Lots of ways, mostly reversing in the most extreme, but the more common are accidentally during development, and just dumping things like export tables. In most cases though, 9/10 times the functions you'll be dealing with in a debugging scenario are public. I've never really had to deal with too many undocumented functions, especially if it was the sole reason for a crash and I absolutely needed to know what it meant.
Edit: A lot of words, should never post before bedtime.