every now and then i get a panic in au_icu.c that looks like a null
pointer dereference.  it is in au_iointr().   Typically this happens
when I press CTRL-S to stop a boot screen messages while I look for some
particular output.

I *think* what is happening is that the interrupt handlers are coming
and going during boot flow.

        irqmask = REGVAL(icu_base + IC_MASK_READ);
        au_cpuintrs[level].cintr_count.ev_count++;
        LIST_FOREACH(ih, &au_cpuintrs[level].cintr_list, ih_q) {
            int irq = (1 << ih->ih_irq);

            if ((irq & irqmask) && (irq & irqstat)) {
                au_icu_intrtab[ih->ih_irq].intr_count.ev_count++;
                (*ih->ih_func)(ih->ih_arg);

I wonder if the ih values need to be protected by splhigh() or some kind
of lock.

I also occasionally see where issue CTRL-C or somesuch causes aucomintr
to throw a fit:

Wed Mar  1 11:20:07 PST 2006
trap: TLB miss (load or instr. fetch) in kernel mode
status=0x2, cause=0x800408, epc=0x802d7e14, vaddr=0x1040002c
curlwp == NULL ksp=0xc0080d80
Stopped at      netbsd:aucomintr+0x88:  lw      v0,44(s2)

I've not looked at this further yet.  I just want to document it.  I'll
post the next au_io_intr panic I get, as well, along with backtraces
(which aren't terribly useful since they almost always only have numeric
values.)

-- 
Garrett D'Amore, Principal Software Engineer
Tadpole Computer / Computing Technologies Division,
General Dynamics C4 Systems
http://www.tadpolecomputer.com/
Phone: 951 325-2134  Fax: 951 325-2191