wmi_evt_auth_status() and wmi_evt_reassoc_status() call wil6210_disconnect
in their error paths without holding wil->mutex. This eventually leads to
wil_ring_fini_tx() and wil_ring_free_edma() being called, both of which
require the mutex to be held as indicated by lockdep_assert_held().

Other callers of wil6210_disconnect() (wil_cfg80211_del_station,
wil_vif_remove, wil_reset) properly acquire the mutex before calling.

Add mutex_lock()/mutex_unlock() around the wil6210_disconnect() calls
in the WMI event handlers to fix the missing lock protection.

Signed-off-by: Ziyi Guo <n7l8m4@u.northwestern.edu>
---
 drivers/net/wireless/ath/wil6210/wmi.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/net/wireless/ath/wil6210/wmi.c b/drivers/net/wireless/ath/wil6210/wmi.c
index 6d376f85fbde..2bd09a225ad0 100644
--- a/drivers/net/wireless/ath/wil6210/wmi.c
+++ b/drivers/net/wireless/ath/wil6210/wmi.c
@@ -1703,7 +1703,9 @@ wmi_evt_auth_status(struct wil6210_vif *vif, int id, void *d, int len)
 	return;
 
 fail:
+	mutex_lock(&wil->mutex);
 	wil6210_disconnect(vif, NULL, WLAN_REASON_PREV_AUTH_NOT_VALID);
+	mutex_unlock(&wil->mutex);
 }
 
 static void
@@ -1832,7 +1834,9 @@ wmi_evt_reassoc_status(struct wil6210_vif *vif, int id, void *d, int len)
 	return;
 
 fail:
+	mutex_lock(&wil->mutex);
 	wil6210_disconnect(vif, NULL, WLAN_REASON_PREV_AUTH_NOT_VALID);
+	mutex_unlock(&wil->mutex);
 }
 
 static void
-- 
2.34.1