--- x/net/netfilter/nf_conntrack_core.c
+++ y/net/netfilter/nf_conntrack_core.c
@@ -1430,6 +1430,7 @@ static void gc_worker(struct work_struct
 	if (gc_work->early_drop)
 		nf_conntrack_max95 = nf_conntrack_max / 100u * 95u;
 
+	mutex_lock(&nf_conntrack_mutex);
 	do {
 		struct nf_conntrack_tuple_hash *h;
 		struct hlist_nulls_head *ct_hash;
@@ -1498,6 +1499,8 @@ static void gc_worker(struct work_struct
 		}
 	} while (i < hashsz);
 
+	mutex_unlock(&nf_conntrack_mutex);
+
 	if (gc_work->exiting)
 		return;