--- x/net/bluetooth/sco.c
+++ y/net/bluetooth/sco.c
@@ -192,7 +192,6 @@ static struct sco_conn *sco_conn_add(str
 conn->hcon = hcon;
 sco_conn_unlock(conn);
 }
- sco_conn_put(conn);
 return conn;
 }
@@ -201,6 +200,7 @@ static struct sco_conn *sco_conn_add(str
 return NULL;
 kref_init(&conn->ref);
+ kref_get(&conn->ref);
 spin_lock_init(&conn->lock);
 INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout);
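Review bot: No caller of sco_conn_add() is updated in this diff, although both hunks change its reference contract: the first drops `sco_conn_put(conn)` on the existing-connection path, and the second adds `kref_get(&conn->ref)` right after `kref_init()`, so the function now returns with an extra reference on either path. Unless every call site already releases that reference, each call leaks one and the sco_conn is never freed, so the callers need auditing against the new contract. The contract should also be written down above the function, e.g. `/* Returns conn with a reference held for the caller; drop it with sco_conn_put(). */`. A short comment at the `kref_get()` should say who owns each of the two references (presumably one for the hci_conn's back-pointer and one for the caller). The function body starts and ends outside both hunks, so the hold taken on the existing-connection path and any later error returns are not visible here.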