qcacmn: Free buffer after processing flush_tlvs

Buffer was freed before processing the TLVs
(while flushing) leading to use after free access.

CRs-Fixed: 3425044
Change-Id: Ida3bcf9add95041c43b2b1e8e3450853bd0ed88c

dp/wifi3.0/monitor/2.0/dp_rx_mon_2.0.c

@@ -1359,12 +1359,14 @@ dp_rx_mon_handle_flush_n_trucated_ppdu(struct dp_soc *soc,
 	dp_rx_mon_flush_status_buf_queue(pdev);
 	buf = mon_desc->buf_addr;
 	end_offset = mon_desc->end_offset;
-	qdf_frag_free(mon_desc->buf_addr);
-	DP_STATS_INC(mon_soc, frag_free, 1);
 	dp_mon_add_to_free_desc_list(&desc_list, &tail, mon_desc);
 	work_done = 1;
 	work_done += dp_rx_mon_flush_packet_tlv(pdev, buf, end_offset,
 						&desc_list, &tail);
+	if (buf) {
+		qdf_frag_free(buf);
+		DP_STATS_INC(mon_soc, frag_free, 1);
+	}
 	if (desc_list)
 		dp_mon_add_desc_list_to_free_list(soc, &desc_list, &tail,
 						  rx_mon_desc_pool);