qcacmn: fix crash found in intrabss-forwarding

We are zeroing out complete peer structure after
initialing ast_entry queue. so re-adjusted code.
Also wds source port learning is called before we
pull the TLVs from the nbuf resulting in accessing
wrong src mac address.

Change-Id: Ifd5a2056a3f9f03a1ff1cf5b79046f932dd38510

dp/wifi3.0/dp_main.c

@@ -1736,14 +1736,15 @@ static void *dp_peer_create_wifi3(struct cdp_vdev *vdev_handle,
 	if (!peer)
 		return NULL; /* failure */
 
+	qdf_mem_zero(peer, sizeof(struct dp_peer));
+
 	TAILQ_INIT(&peer->ast_entry_list);
 	qdf_mem_copy(&peer->self_ast_entry.mac_addr, peer_mac_addr,
 			DP_MAC_ADDR_LEN);
 	peer->self_ast_entry.peer = peer;
-	TAILQ_INSERT_HEAD(&peer->ast_entry_list, &peer->self_ast_entry,
+	TAILQ_INSERT_TAIL(&peer->ast_entry_list, &peer->self_ast_entry,
 				ast_entry_elem);
 
-	qdf_mem_zero(peer, sizeof(struct dp_peer));
 	qdf_spinlock_create(&peer->peer_info_lock);
 
 	/* store provided params */

dp/wifi3.0/dp_rx_err.c

@@ -295,9 +295,6 @@ dp_rx_null_q_desc_handle(struct dp_soc *soc, struct dp_rx_desc *rx_desc,
 		goto fail;
 	}
 
-	/* WDS Source Port Learning */
-	dp_rx_wds_srcport_learn(soc, rx_desc->rx_buf_start, peer, nbuf);
-
 	/*
 	 * Advance the packet start pointer by total size of
 	 * pre-header TLV's
@@ -307,6 +304,9 @@ dp_rx_null_q_desc_handle(struct dp_soc *soc, struct dp_rx_desc *rx_desc,
 	if (l2_hdr_offset)
 		qdf_nbuf_pull_head(nbuf, l2_hdr_offset);
 
+	/* WDS Source Port Learning */
+	dp_rx_wds_srcport_learn(soc, rx_desc->rx_buf_start, peer, nbuf);
+
 	if (hal_rx_mpdu_start_mpdu_qos_control_valid_get(
 		rx_desc->rx_buf_start)) {
 		/* TODO: Assuming that qos_control_valid also indicates