Actually, reviewing my patch a little bit, it seems that I released the cred which then goes on to be used in the error case. A not terribly elegant fix to this would be to duplicate the release code above the fail: label and leave the existing code at the tail of the function...