qcacld-3.0: Fix use after free for txrx_vdev_handle

In wma_vdev_attach, if peer failed to create, it will detach
vdev, but without reset txrx_vdev_handle to NULL, so vdev
is still used in cdp_data_tx_cb_set.

Reset txrx_vdev_handle to NULL in wma_vdev_attach if create peer
fails.

Change-Id: Ie3963625ed7206eb1737f5820ec58d84f2ca9084
CRs-Fixed: 2407717

core/wma/src/wma_dev_if.c

@@ -2989,6 +2989,7 @@ struct cdp_vdev *wma_vdev_attach(tp_wma_handle wma_handle,
 			wma_handle->interfaces[vdev_id].vdev_active = false;
 			wma_cdp_vdev_detach(soc, wma_handle, vdev_id);
 			wma_handle->interfaces[vdev_id].vdev = NULL;
+			txrx_vdev_handle = NULL;
 			goto end;
 		}
 	} else if (self_sta_req->type == WMI_VDEV_TYPE_STA) {
@@ -3005,6 +3006,7 @@ struct cdp_vdev *wma_vdev_attach(tp_wma_handle wma_handle,
 			wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_WMA_ID);
 			wma_handle->interfaces[vdev_id].vdev = NULL;
 			wma_cdp_vdev_detach(soc, wma_handle, vdev_id);
+			txrx_vdev_handle = NULL;
 			goto end;
 		}
 	}