> 	I spent a minute or two reading that code when I found when crcmp()
> is used, and decided I didn't have the time to actually understand
> what it is doing and WHY it checks if one credential is the same as
> some other one, or WHERE those credentials come from.

The relevant change shows up in 1.195 of src/sys/kern/vfs_subr.c:

from the commit message:

date: 2003/05/16 14:01:56;  author: christos;  state: Exp;  lines: +74 -27
Fix a variety of kernel panics related to unchecked export data:
[...]
3. we only know about inet4 and inet6, so make sure that the corresponding
   data is valid before using it.

and the code itself:

+check:
                if (enp->netc_exflags != argp->ex_flags ||
-                   enp->netc_anon.cr_uid != argp->ex_anon.cr_uid ||
-                   enp->netc_anon.cr_gid != argp->ex_anon.cr_gid ||
-                   enp->netc_anon.cr_ngroups !=
-                                       (uint32_t) argp->ex_anon.cr_ngroups ||
-                   memcmp(&enp->netc_anon.cr_groups, &argp->ex_anon.cr_groups,
-                       enp->netc_anon.cr_ngroups))
+           crcmp(&enp->netc_anon, &argp->ex_anon) != 0)

Presumably, this was intended as some sort of abstraction for other
nfs-like code. I imagine, as the code was subsequently split out
into only being in NFS, that the subroutine might be either
superfluous or or harmful.