diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index 84c66db..fd16083 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -1251,9 +1251,6 @@ get_next_corpse(int (*iter)(struct ip_co
 		if (h)
 			break;
 	}
-	if (!h)
-		h = LIST_FIND_W(&unconfirmed, do_iter,
-				struct ip_conntrack_tuple_hash *, iter, data);
 	if (h)
 		atomic_inc(&tuplehash_to_ctrack(h)->ct_general.use);
 	write_unlock_bh(&ip_conntrack_lock);
@@ -1267,6 +1264,9 @@ ip_ct_iterate_cleanup(int (*iter)(struct
 	struct ip_conntrack_tuple_hash *h;
 	unsigned int bucket = 0;
 
+	/* make sure there are no unconfirmed conntracks */
+	synchronize_net();
+
 	while ((h = get_next_corpse(iter, data, &bucket)) != NULL) {
 		struct ip_conntrack *ct = tuplehash_to_ctrack(h);
 		/* Time to push up daises... */