Open
Description
As reported in https://www.openwall.com/lists/yescrypt/2025/04/08/1 passing a pointer returned by crypt(3) previously as the salt for a subsequent crypt(3) call fails. Perhaps it should succeed (arguments fully processed/copied before the output buffer is first written to) or the man page should clarify that "It's also not safe to use the pointer returned as an argument for another call to crypt(3)." or both. I suspect the same could be happening for the password argument, which could somewhat realistically happen in case a certain system uses nested password hashing (perhaps as an upgrade of legacy hashing).
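The failure mode described in this report, as an added example that is not part of the original issue and is not the library's code. It assumes a hypothetical `toy_crypt` with one static output buffer, a constructed `$t$<salt>$<hash>` format and toy FNV-1a style mixing, and shows the aliased-setting call failing, the caller-side copy working, and the "copy arguments before first write" ordering accepting the aliased pointer.

```c
#include <stdio.h>
#include <string.h>
#define OUT_MAX 64
static char out[OUT_MAX];   /* single static result buffer, as in crypt(3) */

/* Toy FNV-1a style mixing, NOT a password hash (illustration only). */
static unsigned mix(const char *key, const char *salt) {
    unsigned h = 2166136261u;
    for (; *salt; salt++) h = (h ^ (unsigned char)*salt) * 16777619u;
    for (; *key; key++) h = (h ^ (unsigned char)*key) * 16777619u;
    return h;
}

/* Parse the constructed format "$t$<salt>[$...]" and write the result to out. */
static const char *render(const char *key, const char *setting) {
    char salt[17]; size_t n;
    if (strncmp(setting, "$t$", 3) != 0) return NULL;   /* unknown prefix */
    n = strcspn(setting + 3, "$");
    if (n == 0 || n > 16) return NULL;
    memcpy(salt, setting + 3, n);
    salt[n] = '\0';
    snprintf(out, sizeof out, "$t$%s$%08x", salt, mix(key, salt));
    return out;
}

/* Unsafe order: out is reset before setting is read, so a setting that
 * aliases out is already empty when its prefix is checked. */
const char *toy_crypt_unsafe(const char *key, const char *setting) {
    out[0] = '\0';
    return render(key, setting);
}

/* Hardened order: copy both arguments first (toy limit: 63 bytes each). */
const char *toy_crypt_safe(const char *key, const char *setting) {
    char k[OUT_MAX], s[OUT_MAX];
    snprintf(k, sizeof k, "%s", key);
    snprintf(s, sizeof s, "%s", setting);
    out[0] = '\0';
    return render(k, s);
}

int main(void) {
    char saved[OUT_MAX];
    const char *h = toy_crypt_unsafe("pw", "$t$abcd");
    snprintf(saved, sizeof saved, "%s", h);   /* caller-side workaround */
    printf("unsafe, aliased: %s\n", toy_crypt_unsafe("pw", h) ? "ok" : "fails");
    printf("unsafe, copied:  %s\n", toy_crypt_unsafe("pw", saved) ? "ok" : "fails");
    printf("safe, aliased:   %s\n", toy_crypt_safe("pw", out) ? "ok" : "fails");
    return 0;
}
```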