Samba 4.3.8 nmbd process pegs CPU

[John Kaiser]

I am running Samba 4.3.8 on OpenBSD 5.9 release + patches 1,2,&3,
compiled after doing cvs to ports stable.  The goal of course, was to
get past the badlock vulnerabilities.  The problem server is configured
as an NT style domain controller, no AD.
I am having trouble with the nmbd process.  It keeps on pegging the cpu,
then starting a new copy which then pegs the next cpu.  It looks like
this in top.

  PID USERNAME PRI NICE  SIZE   RES STATE     WAIT      TIME    CPU 
COMMAND
  632 root      64    0 1168K 2756K onproc    -        23:25 99.02% nmbd
17969 root      64    0 1180K 2796K onproc    -        12:12 99.02% nmbd
25199 root      64    0 1168K 2272K onproc    -         7:24 99.02% nmbd
21685 root      64    0 1172K 2260K onproc    -         2:09 99.02% nmbd

I can not find anything in the logs which gives me any clue.

To try and get some idea of what is going wrong, I ran gdb and attached
to the running nmbd process.  The typical backtrace looks like this, 
where rthread_cancel can be at lines 176, 198, or 204:

(gdb) bt
#0  0x00001c7153f6046a in connect () at <stdin>:2
#1  0x00001c71129b717d in connect (fd=24, addr=0x1c7139fa5a20, 
addrlen=16)
    at /usr/src/lib/librthread/rthread_cancel.c:176
#2  0x00001c7086e358d8 in async_connect_send ()
   from /usr/local/lib/samba/libsmb-transport-samba4.so
#3  0x00001c71023c5cb1 in open_socket_out_connected ()
   from /usr/local/lib/libsmbconf.so.0.0
#4  0x00001c7091cf7659 in tevent_common_loop_immediate ()
   from /usr/local/lib/libtevent.so.0.1
#5  0x00001c71023d7c9a in run_events_poll () from 
/usr/local/lib/libsmbconf.so.0.0
#6  0x00001c71023d82a0 in s3_event_loop_once () from 
/usr/local/lib/libsmbconf.so.0.0
#7  0x00001c7091cf6ab1 in _tevent_loop_once () from 
/usr/local/lib/libtevent.so.0.1
#8  0x00001c7091cf801b in tevent_req_poll () from 
/usr/local/lib/libtevent.so.0.1
#9  0x00001c7095c76466 in tevent_req_poll_ntstatus ()
   from /usr/local/lib/libtevent-util.so.0.0
#10 0x00001c707ddb8552 in cli_connect_nb ()
   from /usr/local/lib/samba/liblibsmb-samba4.so
#11 0x00001c6e64325106 in sync_browse_lists () from /usr/local/sbin/nmbd
#12 0x00001c6e6430c1b6 in sync_all_dmbs () from /usr/local/sbin/nmbd
#13 0x00001c6e6430957a in main () from /usr/local/sbin/nmbd
Current language:  auto; currently asm

Is there a way out of this?

-=-
jk