use-after-free in validate_intro_point_failure
In validate_intro_point_failure(), we look at identity after freeing intro. But identity is a reference into intro, so we shouldn't free intro till we're done with it.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information