diff --git a/arch/arm64/kernel/xcall/core.c b/arch/arm64/kernel/xcall/core.c
index 18b73c044a8dec1c30d6a60beca88bb6ba4cf11e..932452480f0fc436c8111829b3f1f85796b4fdd7 100644
--- a/arch/arm64/kernel/xcall/core.c
+++ b/arch/arm64/kernel/xcall/core.c
@@ -343,8 +343,10 @@ int xcall_detach(struct xcall_comm *comm)
 
 	put_xcall(xcall);
 	list_del(&xcall->list);
-	put_xcall(xcall);
 	spin_unlock(&xcall_list_lock);
+
+	// this put_xcall pairs with list_del(&xcall->list) above
+	put_xcall(xcall);
 	return 0;
 }
 
diff --git a/drivers/staging/xcall/prefetch.c b/drivers/staging/xcall/prefetch.c
index 19370d7023d85df8168a6985f029959e353bef5d..91cde48127691ab5d48cca2b20b259b5bfa9eb47 100644
--- a/drivers/staging/xcall/prefetch.c
+++ b/drivers/staging/xcall/prefetch.c
@@ -154,10 +154,10 @@ static inline struct prefetch_item *get_pfi(unsigned int fd)
 {
 	struct prefetch_item *pfis = NULL;
 
-	if (fd >= MAX_FD || !current_prefetch_mm_data())
+	pfis = (struct prefetch_item *)current_prefetch_mm_data();
+	if (fd >= MAX_FD || !pfis)
 		return NULL;
 
-	pfis = (struct prefetch_item *)current_prefetch_mm_data();
 	return pfis + fd;
 }
 
@@ -475,7 +475,7 @@ static long __do_sys_epoll_pwait(struct pt_regs *regs)
 			continue;
 
 		pfi = get_pfi(fd);
-		if (!(pfi->file) || !(pfi->file->f_mode & FMODE_READ))
+		if (!pfi || !(pfi->file) || !(pfi->file->f_mode & FMODE_READ))
 			continue;
 		if (atomic_read(&pfi->state) != XCALL_CACHE_NONE)
 			continue;