--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -123,11 +123,14 @@ static struct sock *smc_tcp_syn_recv_sock(const struct sock *sk,
 					  struct request_sock *req_unhash,
 					  bool *own_req)
 {
+        read_lock_bh(&((struct sock *)sk)->sk_callback_lock);
 	struct smc_sock *smc;
 	struct sock *child;
-
 	smc = smc_clcsock_user_data(sk);
 
+	if (!smc)
+		goto drop;
+
 	if (READ_ONCE(sk->sk_ack_backlog) + atomic_read(&smc->queued_smc_hs) >
 				sk->sk_max_ack_backlog)
 		goto drop;
@@ -148,9 +151,11 @@ static struct sock *smc_tcp_syn_recv_sock(const struct sock *sk,
 		if (inet_csk(child)->icsk_af_ops == inet_csk(sk)->icsk_af_ops)
 			inet_csk(child)->icsk_af_ops = smc->ori_af_ops;
 	}
+	read_unlock_bh(&((struct sock *)sk)->sk_callback_lock);
 	return child;
 
 drop:
+	read_unlock_bh(&((struct sock *)sk)->sk_callback_lock);
 	dst_release(dst);
 	tcp_listendrop(sk);
 	return NULL;
@@ -2613,7 +2618,7 @@ int smc_listen(struct socket *sock, int backlog)
 	int rc;
 
 	smc = smc_sk(sk);
-	lock_sock(sk);
+	lock_sock(sock->sk);
 
 	rc = -EINVAL;
 	if ((sk->sk_state != SMC_INIT && sk->sk_state != SMC_LISTEN) ||