restarting nfs-server seems to create memory corruption

Bug #1986436 reported by Charles Hedrick
This bug affects 1 person
Affects: linux (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

I just upgraded an NFS server from 20.04 to 22.04. Because of problems in my setup, it didn't come up cleanly. As part of recovery I did "systemctl restart nfs-server." I did this after two reboots. In both cases shortly thereafter I got one or more backtraces in syslog:

Aug 11 09:49:25 eternal.lcsr.rutgers.edu kernel: [ 286.197557] refcount_t: addition on 0; use-after-free.
...
Aug 11 09:49:25 eternal.lcsr.rutgers.edu kernel: [ 286.197695] get_nfsdfs_client+0x65/0x80 [nfsd]

I'm not giving the whole thing because it should show in the data sent by apport.

Also, starting after the first one, I started seeing things like

Aug 11 09:49:26 eternal.lcsr.rutgers.edu rpc.mountd[19922]: v4.0 client detached: (null) from (null)
Aug 11 09:49:26 eternal.lcsr.rutgers.edu rpc.mountd[19922]: message repeated 1831 times: [ v4.0 client detached: (null) from (null)]

About 30 min after the first attempted restart, the kernel crashed. I have no further information, because it hung in the startup process when trying to get a dump. That means I don't absolutely know that the crash was due to the restart nfs-server. However, our NFS servers have been quite stable otherwise, under both 20.04 and 22.04, so it seems a good bet the crash is connected.

At least the use-after-free seems reproducible, since I saw it both times I tried the same thing after rebooting.

Ubuntu 5.15.0-46.49-generic 5.15.39

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: linux-image-5.15.0-46-generic 5.15.0-46.49
ProcVersionSignature: Ubuntu 5.15.0-46.49-generic 5.15.39
Uname: Linux 5.15.0-46-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 Aug 11 10:46 seq
 crw-rw---- 1 root audio 116, 33 Aug 11 10:46 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CasperMD5CheckResult: pass
Date: Sat Aug 13 15:04:23 2022
InstallationDate: Installed on 2020-11-12 (639 days ago)
InstallationMedia: Ubuntu-Server 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
MachineType: Dell Inc. PowerEdge R730
PciMultimedia:

ProcFB: 0 mgag200drmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-46-generic root=UUID=0075734a-4440-4327-82e0-b0c303f1a1d7 ro crashkernel=512M-:192M
RelatedPackageVersions:
 linux-restricted-modules-5.15.0-46-generic N/A
 linux-backports-modules-5.15.0-46-generic N/A
 linux-firmware 20220329.git681281e4-0ubuntu3.3
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: Upgraded to jammy on 2022-08-11 (2 days ago)
dmi.bios.date: 11/02/2019
dmi.bios.release: 2.11
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 2.11.0
dmi.board.name: 0599V5
dmi.board.vendor: Dell Inc.
dmi.board.version: A06
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr2.11.0:bd11/02/2019:br2.11:svnDellInc.:pnPowerEdgeR730:pvr:rvnDellInc.:rn0599V5:rvrA06:cvnDellInc.:ct23:cvr:skuSKU=NotProvided;ModelName=PowerEdgeR730:
dmi.product.name: PowerEdge R730
dmi.product.sku: SKU=NotProvided;ModelName=PowerEdge R730
dmi.sys.vendor: Dell Inc.
modified.conffile..etc.default.apport: [modified]
mtime.conffile..etc.default.apport: 2020-11-12T12:56:54.987058
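
A triage check for the symptoms described in this report, added here as an example (it is not part of the original report or of any Ubuntu tooling): it scans a syslog excerpt for the kernel refcount_t use-after-free warning, nfsd stack frames, and rpc.mountd "(null) from (null)" detach messages, counting a "message repeated N times" line as N further occurrences. The scan() function, the regexes and the final sample line are assumptions made for illustration.

```python
import re

# Sample input: the first four lines are the ones quoted in the report,
# the last line is constructed to show that unrelated entries are ignored.
SAMPLE = """\
Aug 11 09:49:25 eternal.lcsr.rutgers.edu kernel: [ 286.197557] refcount_t: addition on 0; use-after-free.
Aug 11 09:49:25 eternal.lcsr.rutgers.edu kernel: [ 286.197695] get_nfsdfs_client+0x65/0x80 [nfsd]
Aug 11 09:49:26 eternal.lcsr.rutgers.edu rpc.mountd[19922]: v4.0 client detached: (null) from (null)
Aug 11 09:49:26 eternal.lcsr.rutgers.edu rpc.mountd[19922]: message repeated 1831 times: [ v4.0 client detached: (null) from (null)]
Aug 11 09:50:02 eternal.lcsr.rutgers.edu systemd[1]: Started Session 12 of User root.
"""

# "Mon DD HH:MM:SS host tag[pid]: message" -> (tag, message)
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([^\s:\[]+)(?:\[\d+\])?: (.*)$")
KSTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")            # kernel uptime stamp
REPEAT = re.compile(r"^message repeated (\d+) times: \[\s*(.*)\]$")
REFCOUNT = re.compile(r"refcount_t: .*use-after-free")
FRAME = re.compile(r"(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ \[nfsd\]")
NULL_DETACH = "client detached: (null) from (null)"


def scan(text):
    """Summarise the symptoms from the report found in a syslog excerpt."""
    out = {"refcount_uaf": 0, "nfsd_frames": [], "null_detach": 0}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        tag, msg = m.group(1), m.group(2)
        weight = 1
        rep = REPEAT.match(msg)
        if rep:  # summary line: N further copies of the bracketed message
            weight, msg = int(rep.group(1)), rep.group(2)
        if tag == "kernel":
            msg = KSTAMP.sub("", msg)
            if REFCOUNT.search(msg):
                out["refcount_uaf"] += weight
            out["nfsd_frames"] += FRAME.findall(msg)
        elif tag == "rpc.mountd" and NULL_DETACH in msg:
            out["null_detach"] += weight
    # Flag only when the refcount warning and an nfsd frame appear together.
    out["nfsd_uaf_suspected"] = bool(out["refcount_uaf"] and out["nfsd_frames"])
    return out


if __name__ == "__main__":
    print(scan(SAMPLE))
```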

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed