Wcall16 with invalid stack: eax=dfbf3e62 edx=0 func=0x000f9563 esp=dfbf3e50 ret=0x000f2304 │.text:000F22C8 sub_F22C8 proc near ; CODE XREF: sub_F2309+2Cvp ▒ │.text:000F22C8 ; sub_F2309+35vj ▒ │.text:000F22C8 ▒ │.text:000F22C8 var_2A = byte ptr -2Ah ▒ │.text:000F22C8 var_1A = byte ptr -1Ah ▒ │.text:000F22C8 var_E = byte ptr -0Eh ▒ │.text:000F22C8 var_D = byte ptr -0Dh ▒ │.text:000F22C8 var_6 = word ptr -6 ▒ │.text:000F22C8 ▒ │.text:000F22C8 push ebx ▒ │.text:000F22C9 sub esp, 28h ▒ │.text:000F22CC mov ebx, eax ▒ │.text:000F22CE mov ecx, 26h ▒ │.text:000F22D3 xor edx, edx ▒ │.text:000F22D5 lea eax, [esp+2Ch+var_2A] ▒ │.text:000F22D9 call sub_F1BA0 ▒ │.text:000F22DE mov [esp+2Ch+var_6], 200h ▒ │.text:000F22E5 mov [esp+2Ch+var_D], 0Eh ▒ │.text:000F22EA mov [esp+2Ch+var_E], bl · │.text:000F22EE mov [esp+2Ch+var_1A], 7 ▒ │.text:000F22F3 mov edx, offset word_FD2EA ▒ │.text:000F22F8 movzx edx, dx ▒ │.text:000F22FB lea eax, [esp+2Ch+var_2A] ▒ │.text:000F22FF call sub_F22A6 ▒ │.text:000F2304 add esp, 28h ▒ │.text:000F2307 pop ebx ▒ │.text:000F2308 retn ▒ │.text:000F2308 sub_F22C8 endp ▒ 00001ba0 R_386_PC32 .text.pci_probe_devices .text.asm.irq_trampoline_0x10 0xd2ea : { *(.text.asm.irq_trampoline_0x10) } On Wed, Dec 23, 2015 at 6:55 PM, Kevin O'Connor <kevin@koconnor.net> wrote:

On Wed, Dec 23, 2015 at 12:51:30PM -0500, Kevin O'Connor wrote:

...

On Wed, Dec 23, 2015 at 04:27:55PM +0100, Tobias Diedrich wrote:

...

And with verbose logging (level 8).

[...] Wcall16 with invalid stack

Strange. Can you report the output with the patch below?

Using the patch below would be even better.

-Kevin

--- a/src/stacks.c +++ b/src/stacks.c @@ -274,7 +274,8 @@ call16(u32 eax, u32 edx, void *func) { ASSERT32FLAT(); if (getesp() > MAIN_STACK_MAX) - panic("call16 with invalid stack\n"); + panic("call16 with invalid stack eax=%x edx=%x func=%p esp=%x ret=%p\n" + , eax, edx, func, getesp(), __builtin_return_address(0)); if (CONFIG_CALL32_SMM && Call16Data.method == C16_SMM) return call16_smm(eax, edx, func);