This is one of those issues that is an obvious code-smell once you’re aware of it, inp_join_group will release a lock, so that is can call another function that requires the same lock, and then take the lock back after the function has executed creating a window where another function can obtain the lock and free the pointer from under it.