diff -ru a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
--- a/net/netfilter/nf_nat_core.c	2013-06-30 22:13:29.000000000 +0000
+++ b/net/netfilter/nf_nat_core.c	2014-05-16 09:48:50.832813102 +0000
@@ -604,6 +604,7 @@
 /* No one using conntrack by the time this called. */
 static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
 {
+	struct net *net = nf_ct_net(ct);
 	struct nf_conn_nat *nat = nf_ct_ext_find(ct, NF_CT_EXT_NAT);
 
 	if (nat == NULL || nat->ct == NULL)
@@ -612,7 +613,8 @@
 	NF_CT_ASSERT(nat->ct->status & IPS_SRC_NAT_DONE);
 
 	spin_lock_bh(&nf_nat_lock);
-	hlist_del_rcu(&nat->bysource);
+	if (net->ct.nat_bysource != NULL)
+		hlist_del_rcu(&nat->bysource);
 	spin_unlock_bh(&nf_nat_lock);
 }
 
@@ -747,11 +749,18 @@
 
 static void __net_exit nf_nat_net_exit(struct net *net)
 {
+	struct hlist_head *htable = NULL;
 	struct nf_nat_proto_clean clean = {};
 
 	nf_ct_iterate_cleanup(net, &nf_nat_proto_remove, &clean, 0, 0);
+
+	spin_lock_bh(&nf_nat_lock);
+	htable = net->ct.nat_bysource;
+	net->ct.nat_bysource = NULL;
+	spin_unlock_bh(&nf_nat_lock);
+
 	synchronize_rcu();
-	nf_ct_free_hashtable(net->ct.nat_bysource, net->ct.nat_htable_size);
+	nf_ct_free_hashtable(htable, net->ct.nat_htable_size);
 }
 
 static struct pernet_operations nf_nat_net_ops = {