From 867d00e393bf13aec9881ef65df8460f02f0bc4d Mon Sep 17 00:00:00 2001
From: Karun Kumar Eagalapati <karun.kumar@nordicsemi.no>
Date: Mon, 18 Nov 2024 17:10:42 +0530
Subject: [PATCH 1/8] [nrf fromlist] manifest: Update nrf_wifi

Updated manifest to include separate security types for 802.1X
in display of scan results when APs have EAP and PMF enabled.
BSS display limit based on user-configured non-zero values
set via CMD_INIT, along with support for few other regulatory
domain updates in firmware.

Upstream PR #: 81514

Signed-off-by: Karun Kumar Eagalapati <karun.kumar@nordicsemi.no>
(cherry picked from commit d5f626ec9394c199529963f6c6bff19dea7bcdd7)
---
 west.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/west.yml b/west.yml
index fadcb7d7daf6..3e66f68d53c7 100644
--- a/west.yml
+++ b/west.yml
@@ -303,7 +303,7 @@ manifest:
       revision: 3cfca0192ff84da919e9bc7978bcc2239cd6a395
       path: modules/bsim_hw_models/nrf_hw_models
     - name: nrf_wifi
-      revision: 71261e2b719b98500b7741c3398a74a5fb631596
+      revision: f6b950a3b5c0187fe499b0e518426d5bf88b7e68
       path: modules/lib/nrf_wifi
     - name: open-amp
       revision: b735edbc739ad59156eb55bb8ce2583d74537719

From a97deec49ed5dfd09332eee0638b151cca5a8eac Mon Sep 17 00:00:00 2001
From: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
Date: Wed, 20 Nov 2024 15:14:15 +0530
Subject: [PATCH 2/8] [nrf fromlist] nrfwifi: Display EAP_TLS_SHA256 security
 in scan results

EAP_TLS_SHA256 was being identified as EAP_TLS in display scan
results. Identify the security type in scan results sent by
RPU and display accordingly.

Upstream PR #: 81514

Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
(cherry picked from commit 4092e6df311e18779fe1bb28ca29fff9e7931891)
---
 drivers/wifi/nrf_wifi/src/wifi_mgmt_scan.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/wifi/nrf_wifi/src/wifi_mgmt_scan.c b/drivers/wifi/nrf_wifi/src/wifi_mgmt_scan.c
index e30f572aeb32..f85c71c4f5f5 100644
--- a/drivers/wifi/nrf_wifi/src/wifi_mgmt_scan.c
+++ b/drivers/wifi/nrf_wifi/src/wifi_mgmt_scan.c
@@ -297,6 +297,8 @@ static inline enum wifi_security_type drv_to_wifi_mgmt(int drv_security_type)
 		return WIFI_SECURITY_TYPE_WAPI;
 	case NRF_WIFI_EAP:
 		return WIFI_SECURITY_TYPE_EAP;
+	case NRF_WIFI_EAP_TLS_SHA256:
+		return WIFI_SECURITY_TYPE_EAP_TLS_SHA256;
 	default:
 		return WIFI_SECURITY_TYPE_UNKNOWN;
 	}

From 3ba0b73aefd7e573871d75a0ddb3dc021f0f4cb8 Mon Sep 17 00:00:00 2001
From: Arkadiusz Balys <arkadiusz.balys@nordicsemi.no>
Date: Thu, 19 Sep 2024 13:02:57 +0200
Subject: [PATCH 3/8] [nrf noup] drivers: flash: Allow reading secure mem by
 nrf_rram.

fixup! [nrf noup] tree-wide: support NCS Partition Manager (PM) definitions

To read the secure memory we need to use soc_secure_mem_read
function instead of memcpy.

This commit allows to use the soc_secure_mem_read function
if the CONFIG_TRUSTED_EXECUTION_NONSECURE and PARTITION_MANAGER
is enabled.

Signed-off-by: Arkadiusz Balys <arkadiusz.balys@nordicsemi.no>
(cherry picked from commit 711346aa377a65263784cd0d37efc9230e68229b)
---
 drivers/flash/soc_flash_nrf_rram.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/drivers/flash/soc_flash_nrf_rram.c b/drivers/flash/soc_flash_nrf_rram.c
index 35a6c98862c6..b697df505b3e 100644
--- a/drivers/flash/soc_flash_nrf_rram.c
+++ b/drivers/flash/soc_flash_nrf_rram.c
@@ -54,6 +54,11 @@ LOG_MODULE_REGISTER(flash_nrf_rram, CONFIG_FLASH_LOG_LEVEL);
 #define WRITE_BLOCK_SIZE_FROM_DT DT_PROP(RRAM, write_block_size)
 #define ERASE_VALUE              0xFF
 
+#if CONFIG_TRUSTED_EXECUTION_NONSECURE && USE_PARTITION_MANAGER
+#include <soc_secure.h>
+#include <pm_config.h>
+#endif /* CONFIG_TRUSTED_EXECUTION_NONSECURE && USE_PARTITION_MANAGER */
+
 #ifdef CONFIG_MULTITHREADING
 static struct k_sem sem_lock;
 #define SYNC_INIT()   k_sem_init(&sem_lock, 1, 1)
@@ -279,6 +284,12 @@ static int nrf_rram_read(const struct device *dev, off_t addr, void *data, size_
 	}
 	addr += RRAM_START;
 
+#if CONFIG_TRUSTED_EXECUTION_NONSECURE && USE_PARTITION_MANAGER && PM_APP_ADDRESS
+	if (addr < PM_APP_ADDRESS) {
+		return soc_secure_mem_read(data, (void *)addr, len);
+	}
+#endif
+
 	memcpy(data, (void *)addr, len);
 
 	return 0;

From 22eec458376ee5ed7bcb4799aa89b996abfee141 Mon Sep 17 00:00:00 2001
From: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Date: Mon, 11 Nov 2024 11:17:51 +0000
Subject: [PATCH 4/8] [nrf noup] dfu: boot: mcuboot: Fix selecting wrong active
 slot

fixup! [nrf noup] dfu/boot/mcuboot: fix confirmation in case of USE_PARTITION_MANAGER

Fixes this code to correctly check which slot is active, albeit
without firmware loader support

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
(cherry picked from commit d99f13efc7fe216de96ab072b353ffdbe3f96ae1)
---
 subsys/dfu/boot/mcuboot.c | 27 +++++++++++++++++++++------
 1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/subsys/dfu/boot/mcuboot.c b/subsys/dfu/boot/mcuboot.c
index a6e05700ac7e..4a66befaa91a 100644
--- a/subsys/dfu/boot/mcuboot.c
+++ b/subsys/dfu/boot/mcuboot.c
@@ -37,6 +37,22 @@
 #if USE_PARTITION_MANAGER
 #include <pm_config.h>
 
+#if CONFIG_MCUBOOT_APPLICATION_IMAGE_NUMBER != -1
+/* Sysbuild */
+#ifdef CONFIG_MCUBOOT
+/* lib is part of MCUboot -> operate on the primary application slot */
+#define ACTIVE_SLOT_FLASH_AREA_ID	PM_MCUBOOT_PRIMARY_ID
+#else
+/* TODO: Add firmware loader support */
+/* lib is part of the app -> operate on active slot */
+#if defined(CONFIG_NCS_IS_VARIANT_IMAGE)
+#define ACTIVE_SLOT_FLASH_AREA_ID	PM_MCUBOOT_SECONDARY_ID
+#else
+#define ACTIVE_SLOT_FLASH_AREA_ID	PM_MCUBOOT_PRIMARY_ID
+#endif
+#endif /* CONFIG_MCUBOOT */
+#else
+/* Legacy child/parent */
 #if CONFIG_BUILD_WITH_TFM
 	#define PM_ADDRESS_OFFSET (PM_MCUBOOT_PAD_SIZE + PM_TFM_SIZE)
 #else
@@ -44,20 +60,19 @@
 #endif
 
 #ifdef CONFIG_MCUBOOT
-	/* lib is part of MCUboot -> operate on the primart application slot */
-	#define ACTIVE_SLOT_ID		PM_MCUBOOT_PRIMARY_ID
+	/* lib is part of MCUboot -> operate on the primary application slot */
+	#define ACTIVE_SLOT_FLASH_AREA_ID	PM_MCUBOOT_PRIMARY_ID
 #else
 	/* lib is part of the App -> operate on active slot */
 #if (PM_ADDRESS - PM_ADDRESS_OFFSET) == PM_MCUBOOT_PRIMARY_ADDRESS
-	#define ACTIVE_SLOT_ID		PM_MCUBOOT_PRIMARY_ID
+	#define ACTIVE_SLOT_FLASH_AREA_ID	PM_MCUBOOT_PRIMARY_ID
 #elif (PM_ADDRESS - PM_ADDRESS_OFFSET) == PM_MCUBOOT_SECONDARY_ADDRESS
-	#define ACTIVE_SLOT_ID		PM_MCUBOOT_SECONDARY_ID
+	#define ACTIVE_SLOT_FLASH_AREA_ID	PM_MCUBOOT_SECONDARY_ID
 #else
 	#error Missing partition definitions.
 #endif
 #endif /* CONFIG_MCUBOOT */
-
-#define ACTIVE_SLOT_FLASH_AREA_ID ACTIVE_SLOT_ID
+#endif /* CONFIG_MCUBOOT_APPLICATION_IMAGE_NUMBER != -1 */
 #else
 /* Get active partition. zephyr,code-partition chosen node must be defined */
 #define ACTIVE_SLOT_FLASH_AREA_ID DT_FIXED_PARTITION_ID(DT_CHOSEN(zephyr_code_partition))

From 1f8f3dc291420c70cd39e77a5cdc954561d4a08f Mon Sep 17 00:00:00 2001
From: Nikodem Kastelik <nikodem.kastelik@nordicsemi.no>
Date: Wed, 11 Dec 2024 17:44:54 +0100
Subject: [PATCH 5/8] [nrf fromlist] soc: nordic: poweroff: disable remaining
 RAM on emul l05/l10 targets

nRF54L05 and nRF54L10 devices that are emulated on nRF54L15
needs to have manually disabled remaining RAM blocks
that are outside of their RAM region definitions.

Upstream PR #: 82262

Signed-off-by: Nikodem Kastelik <nikodem.kastelik@nordicsemi.no>
(cherry picked from commit 8798cb4caeedf0e78699cba48e4d3c7636d347a7)
---
 soc/nordic/common/poweroff.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/soc/nordic/common/poweroff.c b/soc/nordic/common/poweroff.c
index 99a2bcfb3d65..8d95463e2753 100644
--- a/soc/nordic/common/poweroff.c
+++ b/soc/nordic/common/poweroff.c
@@ -50,6 +50,15 @@ void z_sys_poweroff(void)
 
 	/* Disable retention for all memory blocks */
 	nrfx_ram_ctrl_retention_enable_set(ram_start, ram_size, false);
+#if defined(DEVELOP_IN_NRF54L15) && defined(NRF54L05_XXAA)
+	nrf_memconf_ramblock_ret_mask_enable_set(NRF_MEMCONF, 0, 0x1F8, false);
+	nrf_memconf_ramblock_ret2_mask_enable_set(NRF_MEMCONF, 0, 0x1F8, false);
+#endif
+#if defined(DEVELOP_IN_NRF54L15) && defined(NRF54L10_XXAA)
+	nrf_memconf_ramblock_ret_mask_enable_set(NRF_MEMCONF, 0, 0x1C0, false);
+	nrf_memconf_ramblock_ret2_mask_enable_set(NRF_MEMCONF, 0, 0x1C0, false);
+#endif
+
 #endif
 
 #if defined(CONFIG_RETAINED_MEM_NRF_RAM_CTRL)

From 7736d440309cd2594c7253c6e1ae5b5f1be70b0c Mon Sep 17 00:00:00 2001
From: Matthias Hauser <matthias.hauser@we-online.de>
Date: Fri, 17 Jan 2025 11:53:07 +0100
Subject: [PATCH 6/8] [nrf fromtree] drivers: nrfx: Avoid unhandled event
 calling assert function

Avoid unhandled event calling assert function

Signed-off-by: Matthias Hauser <matthias.hauser@we-online.de>
(cherry picked from commit 543864321cbdf5a60ed7e76976f52e28147c75e5)
---
 drivers/clock_control/clock_control_nrf.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/clock_control/clock_control_nrf.c b/drivers/clock_control/clock_control_nrf.c
index a9b1129f9a34..5b80c44a47e5 100644
--- a/drivers/clock_control/clock_control_nrf.c
+++ b/drivers/clock_control/clock_control_nrf.c
@@ -622,6 +622,11 @@ static void clock_event_handler(nrfx_clock_evt_type_t event)
 			__ASSERT_NO_MSG(false);
 		}
 		break;
+	case NRFX_CLOCK_EVT_PLL_STARTED:
+	{
+		/* unhandled event */
+		break;
+	}
 	default:
 		__ASSERT_NO_MSG(0);
 		break;

From ca954a6216c986c1a1d978e9e42ff773a2c7155a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krzysztof=20Chru=C5=9Bci=C5=84ski?=
 <krzysztof.chruscinski@nordicsemi.no>
Date: Mon, 17 Feb 2025 15:12:56 +0100
Subject: [PATCH 7/8] [nrf fromtree] drivers: clock_control: nrf: Add
 workaround for XO start anomaly
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add workaround to HFCLK start and stop in nrf54l. In future workaround
will be in nrfx driver.

Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
(cherry picked from commit 2cb2cf226c0254d662794b8158dd05688eb8e57b)
(cherry picked from commit f57f1717252eb38ab43b1dbe3f5bf7511da0604d)
---
 drivers/clock_control/clock_control_nrf.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/drivers/clock_control/clock_control_nrf.c b/drivers/clock_control/clock_control_nrf.c
index 5b80c44a47e5..4441d3c2379a 100644
--- a/drivers/clock_control/clock_control_nrf.c
+++ b/drivers/clock_control/clock_control_nrf.c
@@ -48,6 +48,14 @@ LOG_MODULE_REGISTER(clock_control, CONFIG_CLOCK_CONTROL_LOG_LEVEL);
 #define INF(dev, subsys, ...) CLOCK_LOG(INF, dev, subsys, __VA_ARGS__)
 #define DBG(dev, subsys, ...) CLOCK_LOG(DBG, dev, subsys, __VA_ARGS__)
 
+#if defined(NRF54L05_XXAA) || defined(NRF54L10_XXAA) || defined(NRF54L15_XXAA)
+#if NRFX_RELEASE_VER_AT_LEAST(3, 11, 0)
+#error "Remove workaround for XOSTART as it is already done in the nrfx clock"
+#endif
+
+#define USE_WORKAROUND_FOR_CLOCK_XOSTART_ANOMALY 1
+#endif
+
 /* Clock subsys structure */
 struct nrf_clock_control_sub_data {
 	clock_control_cb_t cb;
@@ -220,6 +228,9 @@ static void hfclk_start(void)
 		hf_start_tstamp = k_uptime_get();
 	}
 
+#ifdef USE_WORKAROUND_FOR_CLOCK_XOSTART_ANOMALY
+	nrf_clock_task_trigger(NRF_CLOCK, NRF_CLOCK_TASK_PLLSTART);
+#endif
 	nrfx_clock_hfclk_start();
 }
 
@@ -230,6 +241,9 @@ static void hfclk_stop(void)
 	}
 
 	nrfx_clock_hfclk_stop();
+#ifdef USE_WORKAROUND_FOR_CLOCK_XOSTART_ANOMALY
+	nrf_clock_task_trigger(NRF_CLOCK, NRF_CLOCK_TASK_PLLSTOP);
+#endif
 }
 
 #if NRF_CLOCK_HAS_HFCLK192M

From bf3da29b08235a4503db415d31d911d385292c0c Mon Sep 17 00:00:00 2001
From: Oli Lalonde <olalonde@gmail.com>
Date: Sun, 4 May 2025 19:44:41 -0400
Subject: [PATCH 8/8] modem_ppp: handle escaped bytes in a more general manner

---
 include/zephyr/modem/ppp.h | 10 +++---
 subsys/modem/modem_ppp.c   | 66 ++++++++++++++++----------------------
 2 files changed, 33 insertions(+), 43 deletions(-)

diff --git a/include/zephyr/modem/ppp.h b/include/zephyr/modem/ppp.h
index 799aac60b0b1..edcaf91ec271 100644
--- a/include/zephyr/modem/ppp.h
+++ b/include/zephyr/modem/ppp.h
@@ -38,13 +38,10 @@ typedef void (*modem_ppp_init_iface)(struct net_if *iface);
 enum modem_ppp_receive_state {
 	/* Searching for start of frame and header */
 	MODEM_PPP_RECEIVE_STATE_HDR_SOF = 0,
-	MODEM_PPP_RECEIVE_STATE_HDR_FF,
-	MODEM_PPP_RECEIVE_STATE_HDR_7D,
-	MODEM_PPP_RECEIVE_STATE_HDR_23,
+	MODEM_PPP_RECEIVE_STATE_HDR_ADDRESS_FIELD,
+	MODEM_PPP_RECEIVE_STATE_HDR_CONTROL_FIELD,
 	/* Writing bytes to network packet */
 	MODEM_PPP_RECEIVE_STATE_WRITING,
-	/* Unescaping next byte before writing to network packet */
-	MODEM_PPP_RECEIVE_STATE_UNESCAPING,
 };
 
 enum modem_ppp_transmit_state {
@@ -81,6 +78,9 @@ struct modem_ppp {
 
 	atomic_t state;
 
+	/* Indicates whether the last read byte was 0x7D */
+	bool prev_byte_was_escape_byte;
+
 	/* Buffers used for processing partial frames */
 	uint8_t *receive_buf;
 	uint8_t *transmit_buf;
diff --git a/subsys/modem/modem_ppp.c b/subsys/modem/modem_ppp.c
index 537f198251f7..6f92cf6d7ffd 100644
--- a/subsys/modem/modem_ppp.c
+++ b/subsys/modem/modem_ppp.c
@@ -203,34 +203,43 @@ static bool modem_ppp_is_byte_expected(uint8_t byte, uint8_t expected_byte)
 
 static void modem_ppp_process_received_byte(struct modem_ppp *ppp, uint8_t byte)
 {
+	// Previous bytes was 0x7D, so we need to unescape the currenty byte
+	if (ppp->prev_byte_was_escape_byte) {
+		ppp->prev_byte_was_escape_byte = false;
+		byte ^= MODEM_PPP_VALUE_ESCAPE;
+	}
+
+	// At any point between start and end of frame, we can receive an escape byte.
+	if (ppp->receive_state != MODEM_PPP_RECEIVE_STATE_HDR_SOF) {
+		if (byte == MODEM_PPP_CODE_ESCAPE) {
+			ppp->prev_byte_was_escape_byte = true;
+			return;
+		}
+	}
+
 	switch (ppp->receive_state) {
+		// Start of frame
 	case MODEM_PPP_RECEIVE_STATE_HDR_SOF:
 		if (modem_ppp_is_byte_expected(byte, MODEM_PPP_CODE_DELIMITER)) {
-			ppp->receive_state = MODEM_PPP_RECEIVE_STATE_HDR_FF;
+			ppp->receive_state = MODEM_PPP_RECEIVE_STATE_HDR_ADDRESS_FIELD;
 		}
 		break;
-
-	case MODEM_PPP_RECEIVE_STATE_HDR_FF:
+	case MODEM_PPP_RECEIVE_STATE_HDR_ADDRESS_FIELD:
 		if (byte == MODEM_PPP_CODE_DELIMITER) {
 			break;
 		}
 		if (modem_ppp_is_byte_expected(byte, 0xFF)) {
-			ppp->receive_state = MODEM_PPP_RECEIVE_STATE_HDR_7D;
-		} else {
-			ppp->receive_state = MODEM_PPP_RECEIVE_STATE_HDR_SOF;
+			// address field is always 0xFF (broadcast)
+			ppp->receive_state = MODEM_PPP_RECEIVE_STATE_HDR_CONTROL_FIELD;
 		}
-		break;
-
-	case MODEM_PPP_RECEIVE_STATE_HDR_7D:
-		if (modem_ppp_is_byte_expected(byte, MODEM_PPP_CODE_ESCAPE)) {
-			ppp->receive_state = MODEM_PPP_RECEIVE_STATE_HDR_23;
-		} else {
+		else {
 			ppp->receive_state = MODEM_PPP_RECEIVE_STATE_HDR_SOF;
 		}
 		break;
 
-	case MODEM_PPP_RECEIVE_STATE_HDR_23:
-		if (modem_ppp_is_byte_expected(byte, 0x23)) {
+	case MODEM_PPP_RECEIVE_STATE_HDR_CONTROL_FIELD:
+		if (modem_ppp_is_byte_expected(byte, 0x03)) {
+			// control field is always 0x03 (Unnumbered Information frame, UI)
 			ppp->rx_pkt = net_pkt_rx_alloc_with_buffer(ppp->iface,
 				CONFIG_MODEM_PPP_NET_BUF_FRAG_SIZE, AF_UNSPEC, 0, K_NO_WAIT);
 
@@ -243,10 +252,10 @@ static void modem_ppp_process_received_byte(struct modem_ppp *ppp, uint8_t byte)
 			LOG_DBG("Receiving PPP frame");
 			ppp->receive_state = MODEM_PPP_RECEIVE_STATE_WRITING;
 			net_pkt_cursor_init(ppp->rx_pkt);
-		} else {
+		}
+		else {
 			ppp->receive_state = MODEM_PPP_RECEIVE_STATE_HDR_SOF;
 		}
-
 		break;
 
 	case MODEM_PPP_RECEIVE_STATE_WRITING:
@@ -264,13 +273,13 @@ static void modem_ppp_process_received_byte(struct modem_ppp *ppp, uint8_t byte)
 
 			ppp->rx_pkt = NULL;
 			/* Skip SOF because the delimiter may be omitted for successive frames. */
-			ppp->receive_state = MODEM_PPP_RECEIVE_STATE_HDR_FF;
+			ppp->receive_state = MODEM_PPP_RECEIVE_STATE_HDR_ADDRESS_FIELD;
 			break;
 		}
 
 		if (net_pkt_available_buffer(ppp->rx_pkt) == 1) {
 			if (net_pkt_alloc_buffer(ppp->rx_pkt, CONFIG_MODEM_PPP_NET_BUF_FRAG_SIZE,
-						 AF_INET, K_NO_WAIT) < 0) {
+						AF_INET, K_NO_WAIT) < 0) {
 				LOG_WRN("Failed to alloc buffer");
 				net_pkt_unref(ppp->rx_pkt);
 				ppp->rx_pkt = NULL;
@@ -279,11 +288,6 @@ static void modem_ppp_process_received_byte(struct modem_ppp *ppp, uint8_t byte)
 			}
 		}
 
-		if (byte == MODEM_PPP_CODE_ESCAPE) {
-			ppp->receive_state = MODEM_PPP_RECEIVE_STATE_UNESCAPING;
-			break;
-		}
-
 		if (net_pkt_write_u8(ppp->rx_pkt, byte) < 0) {
 			LOG_WRN("Dropped PPP frame");
 			net_pkt_unref(ppp->rx_pkt);
@@ -295,21 +299,6 @@ static void modem_ppp_process_received_byte(struct modem_ppp *ppp, uint8_t byte)
 		}
 
 		break;
-
-	case MODEM_PPP_RECEIVE_STATE_UNESCAPING:
-		if (net_pkt_write_u8(ppp->rx_pkt, (byte ^ MODEM_PPP_VALUE_ESCAPE)) < 0) {
-			LOG_WRN("Dropped PPP frame");
-			net_pkt_unref(ppp->rx_pkt);
-			ppp->rx_pkt = NULL;
-			ppp->receive_state = MODEM_PPP_RECEIVE_STATE_HDR_SOF;
-#if defined(CONFIG_NET_STATISTICS_PPP)
-			ppp->stats.drop++;
-#endif
-			break;
-		}
-
-		ppp->receive_state = MODEM_PPP_RECEIVE_STATE_WRITING;
-		break;
 	}
 }
 
@@ -556,6 +545,7 @@ void modem_ppp_release(struct modem_ppp *ppp)
 	k_work_cancel_sync(&ppp->process_work, &sync);
 	ppp->pipe = NULL;
 	ppp->receive_state = MODEM_PPP_RECEIVE_STATE_HDR_SOF;
+	ppp->prev_byte_was_escape_byte = false;
 
 	if (ppp->rx_pkt != NULL) {
 		net_pkt_unref(ppp->rx_pkt);