The code path for downgrading sockets from SSL to non-SSL includes this code:
It is possible for libprocess to hold both temporary and persistent sockets to the same address. This can happen when a message is first sent (ProcessBase::send), and then a link is established (ProcessBase::link). When the target of the message/link is a non-SSL socket, both temporary and persistent sockets go through the downgrade path.
If a temporary socket is present while a persistent socket is being created, the above code will remap both temporary and persistent sockets to the same address (it should only remap the persistent socket). This leads to some CHECK failures if those sockets are used or closed later: