--- x/include/net/bluetooth/l2cap.h
+++ y/include/net/bluetooth/l2cap.h
@@ -938,6 +938,7 @@ static inline long l2cap_chan_no_get_snd
 
 extern bool disable_ertm;
 extern bool enable_ecred;
+extern struct mutex cfm_mutex;
 
 int l2cap_init_sockets(void);
 void l2cap_cleanup_sockets(void);
--- x/net/bluetooth/l2cap_sock.c
+++ y/net/bluetooth/l2cap_sock.c
@@ -1411,6 +1411,7 @@ shutdown_already:
 	return err;
 }
 
+DEFINE_MUTEX(cfm_mutex);
 static int l2cap_sock_release(struct socket *sock)
 {
 	struct sock *sk = sock->sk;
@@ -1422,9 +1423,11 @@ static int l2cap_sock_release(struct soc
 	if (!sk)
 		return 0;
 
+	mutex_lock(&cfm_mutex);
 	lock_sock_nested(sk, L2CAP_NESTING_PARENT);
 	l2cap_sock_cleanup_listen(sk);
 	release_sock(sk);
+	mutex_unlock(&cfm_mutex);
 
 	bt_sock_unlink(&l2cap_sk_list, sk);
 
--- x/net/bluetooth/l2cap_core.c
+++ y/net/bluetooth/l2cap_core.c
@@ -7301,7 +7301,9 @@ next:
 		pchan = next;
 	}
 
+	mutex_lock(&cfm_mutex);
 	l2cap_conn_ready(conn);
+	mutex_unlock(&cfm_mutex);
 }
 
 int l2cap_disconn_ind(struct hci_conn *hcon)