ath9k: fix a memory leak in ath_rx_tasklet()

commit 0d95521ea7 (ath9k: use split rx buffers to get rid of order-1 skb
allocations) added in memory leak in error path.

sc->rx.frag should be cleared after the pskb_expand_head() call, or else
we jump to requeue_drop_frag and leak an skb.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jouni Malinen <jouni@qca.qualcomm.com>
Cc: Felix Fietkau <nbd@openwrt.org>
Cc: John W. Linville <linville@tuxdriver.com>
Cc: Trond Wuellner <trond@chromium.org>
Cc: Grant Grundler <grundler@chromium.org>
Cc: Paul Stewart <pstew@chromium.org>
Cc: David Miller <davem@davemloft.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

drivers/net/wireless/ath/ath9k/recv.c

@@ -1913,13 +1913,13 @@ int ath_rx_tasklet(struct ath_softc *sc, int flush, bool hp)
 		if (sc->rx.frag) {
 			int space = skb->len - skb_tailroom(hdr_skb);
 
-			sc->rx.frag = NULL;
-
 			if (pskb_expand_head(hdr_skb, 0, space, GFP_ATOMIC) < 0) {
 				dev_kfree_skb(skb);
 				goto requeue_drop_frag;
 			}
 
+			sc->rx.frag = NULL;
+
 			skb_copy_from_linear_data(skb, skb_put(hdr_skb, skb->len),
 						  skb->len);
 			dev_kfree_skb_any(skb);