What happens when a task jumps to it's own TSS(or gate)? According to the x86 documentation I can find, this shouldn't be allowed(non-recursive rule), but that's exactly what the main loop of the third task of the Landmark/Supersoft BIOS is trying to do:
- Kernel(initial protected mode) calls first task(CALL).
- First task calls second task(JMP).
- Second task jumps to itself(TSS). Not allowed? Allowed due to clearing Busy before loading new TR(loading TR sets it and checks busu of the new task(&faults if so)).
- Eventually, second task IRETS to invalid selector(NT=0), invalid stack? It's popping 0xAAAA into CS?

Edit: See UniPCemu 80286/80386+ protected mode problems?