Describe the bug
Hi,
I am seeing a reproducible kernel crash on a Raspberry Pi 5 when loading a custom PCIe network driver for an FPGA-based NIC.
Environment
• Board: Raspberry Pi 5
• Kernel versions tested:
• 6.12.75+rpt-rpi-2712
• 6.12.87+rpt-rpi-2712
• FPGA device connected over PCIe
• FPGA successfully programmed via JTAG/OpenOCD
• PCIe device enumerates correctly as 1234:c001
Summary
The FPGA and PCIe path appear to be working correctly:
• Bitstream programming succeeds
• PCIe enumeration succeeds
• Driver builds successfully
• Driver module loads successfully with insmod
• The driver appears to reach the network device registration stage
However, shortly after loading the driver, the system crashes. The crash consistently points to:
root_cpuacct+0x40
Because the crash happens in the kernel cpuacct path rather than in the driver itself, this looks like a Raspberry Pi 5 kernel issue triggered by netdev registration or a related cgroup interaction.
Reproduction steps
- Boot Raspberry Pi 5
- Program the FPGA bitstream
- Confirm PCIe enumeration
- Build and insert the driver module
- Wait briefly after driver load
Commands used:
uname -r
lspci | grep 1234
cd ~/github/taxi/src/cndm/modules/cndm && make
sudo insmod cndm.ko
dmesg | tail -30
Observed behavior
• insmod itself does not immediately fail
• The system crashes shortly afterward, typically about 1 second later
• The crash is reproducible
• The same behavior occurs on both tested kernel versions
Relevant crash trace
Call trace:
kernfs_unlink_open_file+0x94/0x128
kernfs_fop_release+0x48/0x100
__fput+0xd0/0x2e0
____fput+0x1c/0x30
task_work_run+0x80/0xe8
do_exit+0x2f0/0x9b8
make_task_dead+0x8c/0x190
die+0x254/0x288
die_kernel_fault+0x1d8/0x388
__do_kernel_fault+0x190/0x198
do_page_fault+0x1f8/0x548
do_mem_abort+0x4c/0xa8
el1_abort+0x40/0x68
el1h_64_sync_handler+0xd8/0xe8
el1h_64_sync+0x64/0x68
root_cpuacct+0x40/0xe0
vfs_write+0x248/0x380
ksys_write+0x7c/0x120
__arm64_sys_write+0x24/0x38
invoke_syscall+0x4c/0xf8
el0_svc_common.constprop.0+0x48/0xf0
do_el0_svc+0x24/0x38
el0_svc+0x30/0x100
el0t_64_sync_handler+0x100/0x130
el0t_64_sync+0x190/0x198
Fixing recursive fault but reboot is needed!
Why I believe this is kernel-side
The custom driver repeatedly:
• compiles successfully
• loads successfully
• reaches the point where the PCIe device is active and network-device registration is underway
The fatal crash does not point into the driver. It consistently lands in:
root_cpuacct+0x40
This suggests the real issue is in the Raspberry Pi 5 kernel, possibly in the cpuacct / cgroup path triggered after netdev registration.
Expected behavior
Loading the driver should register the network device and keep the system stable.
Actual behavior
The driver loads, but the Raspberry Pi 5 kernel crashes shortly afterward with a fault in root_cpuacct+0x40.
Question
Is this a known Raspberry Pi 5 kernel issue related to cpuacct, root_cpuacct, or cgroup handling after network device registration?
If needed, I can provide:
• full dmesg
• more complete reproduction steps
• additional PCIe details
• driver initialization logs
Thanks.
Steps to reproduce the behaviour
- Boot a Raspberry Pi 5 with kernel 6.12.75+rpt-rpi-2712 or 6.12.87+rpt-rpi-2712
- Connect and power on the FPGA PCIe NIC board
- Program the FPGA with the NIC bitstream via JTAG/OpenOCD
- Confirm the PCIe device is enumerated (device 1234:c001)
- Build the custom cndm driver against the current kernel
- Insert the driver module with insmod
- Wait about 1 second after driver load
- Observe kernel crash in root_cpuacct+0x40
Device (s)
Raspberry Pi 5
System
OS and version:
Raspberry Pi reference 2023-10-10
Generated using pi-gen, https://github.com/RPi-Distro/pi-gen, 962bf483c8f326405794827cce8c0313fd5880a8, stage5
Firmware version:
2025/12/08 19:29:54
Copyright (c) 2012 Broadcom
version 2226a853 (release) (embedded)
Kernel version:
Linux basteng 6.12.87+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.12.87-1+rpt1~bookworm (2026-05-12) aarch64 GNU/Linux
Logs
No response
Additional context
- PCIe device enumerates correctly as 1234:c001
- The crash happens shortly after driver load / netdev registration
- Reproduced on 6.12.75+rpt-rpi-2712 and 6.12.87+rpt-rpi-2712
Describe the bug
Hi,
I am seeing a reproducible kernel crash on a Raspberry Pi 5 when loading a custom PCIe network driver for an FPGA-based NIC.
Environment
• Board: Raspberry Pi 5
• Kernel versions tested:
• 6.12.75+rpt-rpi-2712
• 6.12.87+rpt-rpi-2712
• FPGA device connected over PCIe
• FPGA successfully programmed via JTAG/OpenOCD
• PCIe device enumerates correctly as 1234:c001
Summary
The FPGA and PCIe path appear to be working correctly:
• Bitstream programming succeeds
• PCIe enumeration succeeds
• Driver builds successfully
• Driver module loads successfully with insmod
• The driver appears to reach the network device registration stage
However, shortly after loading the driver, the system crashes. The crash consistently points to:
root_cpuacct+0x40
Because the crash happens in the kernel cpuacct path rather than in the driver itself, this looks like a Raspberry Pi 5 kernel issue triggered by netdev registration or a related cgroup interaction.
Reproduction steps
Commands used:
uname -r
lspci | grep 1234
cd ~/github/taxi/src/cndm/modules/cndm && make
sudo insmod cndm.ko
dmesg | tail -30
Observed behavior
• insmod itself does not immediately fail
• The system crashes shortly afterward, typically about 1 second later
• The crash is reproducible
• The same behavior occurs on both tested kernel versions
Relevant crash trace
Call trace:
kernfs_unlink_open_file+0x94/0x128
kernfs_fop_release+0x48/0x100
__fput+0xd0/0x2e0
____fput+0x1c/0x30
task_work_run+0x80/0xe8
do_exit+0x2f0/0x9b8
make_task_dead+0x8c/0x190
die+0x254/0x288
die_kernel_fault+0x1d8/0x388
__do_kernel_fault+0x190/0x198
do_page_fault+0x1f8/0x548
do_mem_abort+0x4c/0xa8
el1_abort+0x40/0x68
el1h_64_sync_handler+0xd8/0xe8
el1h_64_sync+0x64/0x68
root_cpuacct+0x40/0xe0
vfs_write+0x248/0x380
ksys_write+0x7c/0x120
__arm64_sys_write+0x24/0x38
invoke_syscall+0x4c/0xf8
el0_svc_common.constprop.0+0x48/0xf0
do_el0_svc+0x24/0x38
el0_svc+0x30/0x100
el0t_64_sync_handler+0x100/0x130
el0t_64_sync+0x190/0x198
Fixing recursive fault but reboot is needed!
Why I believe this is kernel-side
The custom driver repeatedly:
• compiles successfully
• loads successfully
• reaches the point where the PCIe device is active and network-device registration is underway
The fatal crash does not point into the driver. It consistently lands in:
root_cpuacct+0x40
This suggests the real issue is in the Raspberry Pi 5 kernel, possibly in the cpuacct / cgroup path triggered after netdev registration.
Expected behavior
Loading the driver should register the network device and keep the system stable.
Actual behavior
The driver loads, but the Raspberry Pi 5 kernel crashes shortly afterward with a fault in root_cpuacct+0x40.
Question
Is this a known Raspberry Pi 5 kernel issue related to cpuacct, root_cpuacct, or cgroup handling after network device registration?
If needed, I can provide:
• full dmesg
• more complete reproduction steps
• additional PCIe details
• driver initialization logs
Thanks.
Steps to reproduce the behaviour
Device (s)
Raspberry Pi 5
System
OS and version:
Raspberry Pi reference 2023-10-10
Generated using pi-gen, https://github.com/RPi-Distro/pi-gen, 962bf483c8f326405794827cce8c0313fd5880a8, stage5
Firmware version:
2025/12/08 19:29:54
Copyright (c) 2012 Broadcom
version 2226a853 (release) (embedded)
Kernel version:
Linux basteng 6.12.87+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.12.87-1+rpt1~bookworm (2026-05-12) aarch64 GNU/Linux
Logs
No response
Additional context