samba - Nov 2019 - Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?

I?m trying to understand a weird authentication failure:

I have two domains (TC83.LOCAL and TC84.LOCAL), each in a diferent forest,
with a bidirectional forest trust.
The samba server kvm7246-vm022.maas.local is a domain member of TC83 and is
running a recent build from git master (f38077ea5ee).

When I test authentication of users in each domain by running ntlm_auth on
the samba server, it is successful for users in either domain.

When I try to connect from a Windows client in TC84 using SMB, it is only
successful for users in the TC83 domain. For users in the TC84 domain, smbd
seems to go off the rails looking for a Kerberos machine principal in the
TC84 domain, even though it is not a member of that domain (it's a member
of TC83, which trusts TC84):

Nov 15 15:53:04 kvm7246-vm022 smbd[15209]: [2019/11/15 15:53:04.524996,  1,
pid=15209, effective(0, 0), real(0, 0)]
../../source3/librpc/crypto/gse.c:659(gse_get_server_auth_token)
Nov 15 15:53:04 kvm7246-vm022 smbd[15209]:   gss_accept_sec_context failed
with [ Miscellaneous failure (see text): Failed to find
cifs/kvm7246-vm022.maas.local at TC84.LOCAL(kvno 10) in keytab
MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]

Why is smbd looking for a principal of the form
"cifs/kvm7246-vm022.maas.local at TC84.LOCAL"?

n

[See
https://drive.google.com/drive/folders/1jsVWHL--mVEnK9pDFUajyt2nQQ5cLpOQ
for full logs and smb.conf]