The resolvedNss = &(view->viewOn()) address refers to memory within ViewCatalog::_viewMap and would have therefore been freed when a subsequent iteration of ViewCatalog::_lookup_inlock() leads to ViewCatalog::_reloadIfNeeded_inlock() being called. This could happen if ViewCatalog::invalidate() is called concurrently while following a chain of view definitions in ViewCatalog::resolveView().

Note: This issue cannot be triggered against MongoDB 3.4 or 3.6 because the parallel-batch writer lock prevents resolving a view definition from overlapping with oplog application.