--- x/net/bluetooth/sco.c
+++ y/net/bluetooth/sco.c
@@ -271,6 +271,8 @@ static int sco_connect(struct sock *sk)
 	hci_dev_unlock(hdev);
 	hci_dev_put(hdev);
 
+	if (!hcon)
+		return -ENOMEM;
 	conn = sco_conn_add(hcon);
 	if (!conn) {
 		hci_conn_drop(hcon);