Temporary hack to make ntoskrnl stop crashing - an user-mode pointer (in the EBP register) was being dereferenced without any check
Since I don't know what this is for, I'm disabling it for now - it works for people reporting the crash, and it apparently only breaks GDB support. Alex, this should be your baby, please have a look

Modified: trunk/reactos/ntoskrnl/ke/i386/syscall.S

--- trunk/reactos/ntoskrnl/ke/i386/syscall.S	2005-01-19 21:04:37 UTC (rev 13139)
+++ trunk/reactos/ntoskrnl/ke/i386/syscall.S	2005-01-19 21:05:26 UTC (rev 13140)
@@ -95,14 +95,20 @@

     pushl %gs                                                          // + 0x48
     sub $0x28, %esp                                                    // + 0x70
 

+#if 0

 #ifdef DBG
     /* Trick gdb 6 into backtracing over the system call */

+    /* FIXME: %ebp is *never* initialized */

     pushl 4(%ebp)    /* DebugEIP */                                    // + 0x74
     pushl (%ebp)     /* DebugEBP */                                    // + 0x78
 #else
     pushl 0x60(%esp) /* DebugEIP */                                    // + 0x74
     pushl %ebp       /* DebugEBP */                                    // + 0x78
 #endif

+#else
+    pushl $0         /* DebugEIP */                                    // + 0x74
+    pushl $0         /* DebugEBP */                                    // + 0x78
+#endif

 
     /* Load the segment registers */
     sti