diff --git a/src/nvidia/src/kernel/rmapi/event.c b/src/nvidia/src/kernel/rmapi/event.c
index 8ca4d0036..464317ece 100644
--- a/src/nvidia/src/kernel/rmapi/event.c
+++ b/src/nvidia/src/kernel/rmapi/event.c
@@ -395,7 +395,6 @@ eventInit_IMPL
 *pppEventNotification = inotifyGetNotificationListPtr(pNotifierShare->pNotifier);
 }
- serverRefShare(&g_resServ, staticCast(pNotifierShare, RsShared));
 pEvent->pNotifierShare = pNotifierShare;
 // RS-TODO these can be looked up from share
@@ -427,6 +426,7 @@ notifyGetOrAllocNotifShare_IMPL
 if (pNotifierShare == NULL)
 {
 RsShared *pShare;
+ // serverAllocShare() sets pNotifierShare->refCount to 1.
 status = serverAllocShare(&g_resServ, classInfo(NotifShare), &pShare);
 if (status != NV_OK)
 return status;
@@ -437,6 +437,14 @@ notifyGetOrAllocNotifShare_IMPL
 pNotifierShare->hNotifierResource = hNotifierResource;
 inotifySetNotificationShare(staticCast(pNotifier, INotifier), pNotifierShare);
 }
+ else
+ {
+ // Move serverRefShare() from eventInit_IMPL to here, so that |pNotifierShare|
+ // can be refcounted correctly.
+ //
+ // serverRefShare() increments pNotifierShare->refCount.
+ serverRefShare(&g_resServ, staticCast(pNotifierShare, RsShared));
+ }
 if (ppNotifierShare)
 *ppNotifierShare = pNotifierShare;
diff --git a/src/nvidia/src/kernel/rmapi/event_notification.c b/src/nvidia/src/kernel/rmapi/event_notification.c
index 908122874..310d38182 100644
--- a/src/nvidia/src/kernel/rmapi/event_notification.c
+++ b/src/nvidia/src/kernel/rmapi/event_notification.c
@@ -1109,4 +1109,10 @@ shrnotifDestruct_IMPL
 NotifShare *pNotifShare
 )
 {
+ // pNotifier->pNotifierShare should be set to NULL, or inotifyGetNotificationShare() would
+ // return invalid/wild pointer and cause kernel crash.
+ if (pNotifShare->pNotifier != NULL)
+ {
+ inotifySetNotificationShare(pNotifShare->pNotifier, NULL);
+ }
 }
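Review bot: The comment added above the serverAllocShare() call names `pNotifierShare->refCount`, but on that line `pNotifierShare` is still NULL (the enclosing `if` tests exactly that) and the new object comes back in `pShare`. Since eventInit_IMPL no longer takes its own reference, this initial count appears to be the one the caller ends up owning, and the comment should say so: `// serverAllocShare() returns pShare with refCount == 1; that reference is the one returned to the caller.` The function starts and continues outside the hunk.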
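Review bot: The new `else` branch in notifyGetOrAllocNotifShare_IMPL takes a reference unconditionally, yet the lines right after it show that `ppNotifierShare` may be NULL; in that case no caller receives the pointer and the extra reference can never be released, so the share would never be destructed. Taking the reference only when the pointer is handed out, `else if (ppNotifierShare != NULL)`, or documenting in the function header that every successful call returns an owned reference, would close that gap. Callers other than eventInit_IMPL are not visible in this diff and would need the same check, since they now hold a reference on the existing-share path. The added comment reads as a change log; `// Existing share: take the reference this caller will own.` states the invariant instead. The function begins and ends outside the hunk.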
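Review bot: The guard added to shrnotifDestruct_IMPL only tests `pNotifShare->pNotifier` for NULL, so it is safe only if the notifier's own teardown clears that back-pointer before the notifier is freed; that path is not part of this diff, and if it does not, the destructor dereferences a stale notifier from kernel context. The call also clears the notifier's share pointer without checking that it still refers to this share; `if (pNotifShare->pNotifier != NULL && inotifyGetNotificationShare(pNotifShare->pNotifier) == pNotifShare)` would avoid nulling a pointer to a newer share. A short comment stating which lock serializes this destructor against notifyGetOrAllocNotifShare_IMPL would help, because a lookup that reads the pointer just before it is cleared would still call serverRefShare() on an object being destroyed. The function's signature starts above the hunk.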