55802e5e86
In the case of no ARP entry, the incoming packet is added to the ARP's pending queue, while ARP is being resolved. Here a reference is taken by the ARP layer to the packet to avoid it being freed, but the Ethernet immediately puts down the reference and send the ARP packet to the driver. If the ARP request fails for some reason, L2 returns failure to net_if which then puts down the reference and the packet will be freed as the reference count is now zero. But the packet is still in the ARP's pending queue and after timeout ARP will put down the reference causing double free bus fault (double free message is only seen if the CONFIG_NET_PKT_LOG_LEVEL_DBG is enabled, so, a bit hard to debug. Fix this by clearing the ARP entry and pending queue after taking a reference and then free ARP packet, IP packets are either freed by ARP pending queue drain or net_if layer. Signed-off-by: Krishna T <krishna.t@nordicsemi.no> |
||
|---|---|---|
| .. | ||
| dsa | ||
| gptp | ||
| lldp | ||
| CMakeLists.txt | ||
| Kconfig | ||
| arp.c | ||
| arp.h | ||
| bridge.c | ||
| bridge.h | ||
| bridge_shell.c | ||
| eth_stats.h | ||
| ethernet.c | ||
| ethernet_mgmt.c | ||
| ethernet_stats.c | ||