In otp_state.c:callback(), if we did not receive an accept packet, but
were not out of tokens, we invoke request_send() and then fall through
to the error case.  This results in two things happening:

- First, we yield a failure.  If request_send() succeeded, then we
  erroneously report failure.  But if request_send() has failed, we
  report the failure again, and request_send() has already freed the
  request object (making this a use-after-free).

- Second, we call request_free().  However, since request_send()
  may have already freed the request, this is a double-free.

Thanks,
--Robbie