The status_fd created by tfork_start_waiter_and_worker() can be unwittingly shared between the parent process and any other process created with tfork() or fork().
This means that a close() in the parent may not be enough to close the pipe, and so trigger a read in the waiter process (the child), and so the parent will block in the subsequent waitpid() until the FD is eventually closed by the other processes that also hold it, typically by exit().
Thankfully tfork() is currently only in use in samba_runcmd_send() with children that exec(), and the FD is set as close-on-exec, but if the process calling it, or a library it uses, calls fork() or a new different use of tfork() while there is an outstanding child, this issue becomes a lockup.
See the detailed description in the commit message.
Pushed to v4-7-test with the review from email@example.com