When cancelling a request at the main winbindd process, that is currently being served by a child winbindd process, just freeing all objects related to the request is not enough, as the next bytes to come through the pipe from the child process are the response to the cancelled request, and the object reading those bytes will be the next request. This breaks the protocol. There's no clear scenario of how to reproduce this, but in general winbindd __currently__ may cancel requests if their service time (from client's perspective, i.e. including waiting for other requests to complete) exceeds "winbind request timeout", or if the number of clients exceeds "winbind max clients" and this is the oldest request.
Created attachment 11194 [details] Proposed fix to master
Created attachment 11214 [details] Patches for v4-2-test
Created attachment 11215 [details] Patches for v4-1-test
Karolin, please add the patches to 4.2 and 4.1. Thanks!
Pushed to autobuild-v4-[1|2]-test.
Patch breaks 4.1 build: [3077/4133] Compiling source3/winbindd/winbindd_dual.c ../source3/winbindd/winbindd_dual.c: In function 'wb_child_request_send': ../source3/winbindd/winbindd_dual.c:141: error: implicit declaration of function 'tevent_req_set_cleanup_fn'
Pushed to v4-2-test.
I guess this can be closed...