qcacmn: Clear defrag waitlist in all cases

Rx defrag waitlist was not getting cleared during dp_peer_rx_cleanup in
the case of STA mode even though the tid was getting deleted. This
created a scenario where the next time dp_rx_defrag_waitlist_remove was
called, it was trying to access now invalid memory. If a vdev was
disconnected in the middle of receiving traffic, then the tid would be
deleted but the rx frag waitlist would not. Upon reconnecting, the
reception of the next frag would cause a crash due to the now invalid
memory in the waitlist.

Change-Id: I5bb1a31f38fa45128d0f35fafaddaf729c99489d
CRs-Fixed: 2538879

dp/wifi3.0/dp_rx_defrag.c

@@ -236,9 +236,8 @@ static void dp_rx_defrag_waitlist_add(struct dp_peer *peer, unsigned tid)
 	struct dp_soc *psoc = peer->vdev->pdev->soc;
 	struct dp_rx_tid *rx_reorder = &peer->rx_tid[tid];
 
-	QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_INFO_HIGH,
-		  FL("Adding TID %u to waitlist for peer %pK"),
-		  tid, peer);
+	dp_info("Adding TID %u to waitlist for peer %pK at MAC address %pM",
+		tid, peer, peer->mac_addr.raw);
 
 	/* TODO: use LIST macros instead of TAIL macros */
 	qdf_spin_lock_bh(&psoc->rx.defrag.defrag_lock);
@@ -266,11 +265,12 @@ void dp_rx_defrag_waitlist_remove(struct dp_peer *peer, unsigned tid)
 	struct dp_rx_tid *rx_reorder;
 	struct dp_rx_tid *tmp;
 
-	if (tid > DP_MAX_TIDS) {
-		QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_INFO_HIGH,
-			  "TID out of bounds: %d", tid);
-		qdf_assert(0);
-		return;
+	dp_info("Removing TID %u to waitlist for peer %pK at MAC address %pM",
+		tid, peer, peer->mac_addr.raw);
+
+	if (tid >= DP_MAX_TIDS) {
+		dp_info("TID out of bounds: %d", tid);
+		qdf_assert_always(0);
 	}
 
 	qdf_spin_lock_bh(&soc->rx.defrag.defrag_lock);
@@ -1431,6 +1431,11 @@ dp_rx_defrag_store_fragment(struct dp_soc *soc,
 		goto discard_frag;
 	}
 
+	if (tid >= DP_MAX_TIDS) {
+		dp_info("TID out of bounds: %d", tid);
+		qdf_assert_always(0);
+	}
+
 	pdev = peer->vdev->pdev;
 	rx_tid = &peer->rx_tid[tid];