Thread A calls ViewCatalog::lookup() and obtains a raw ViewDefinition*.
Thread B inserts a valid view directly into system.views. ViewCatalog::_valid is marked as false. (Note that this insert is possible because Thread A locks the database in MODE_IS, which does not conflict with a MODE_IX lock obtained by Thread B. Other commands that modify the view definitions require a MODE_X lock; i.e. create, collMod, drop.)
Thread C calls a method of ViewCatalog, which implicitly reloads the catalog, clearing the old ViewMap, freeing all of the old ViewDefinitions.
All iterators to the old ViewMap are now invalidated and all the ViewDefinition pointers have been freed, but Thread A might still be holding onto the ViewDefinition and may try to use it, resulting in undefined behavior.
Bug
Critical - P2