[Bug Report] 2.4.3 on macOS: anvil panics at anvil-connection.c:727 on every IMAP client handshake

Hi Dovecot developers, I'm hitting a reproducible anvil panic on macOS when any IMAP client tries to connect. Every client handshake triggers an i_unreached() assertion in anvil-connection.c:727, causing the anvil child to be killed with SIGABRT. Dovecot keeps restarting anvil, but every subsequent connection attempt triggers the same panic, so the service effectively cannot accept logins.

Environment

• Dovecot: 2.4.3 (e278b1e09b), Pigeonhole 2.4.3 (0bf9ee48) -- from Homebrew
• OS: macOS 15.6 (Sequoia, Darwin 24.6.0, arm64/Apple Silicon, APFS)
• Mail client: Mozilla Thunderbird 149.0.2
• Dovecot started via sudo brew services start dovecot (launchd)

Reproducing

1. Fresh macOS install of Dovecot 2.4.3 via Homebrew.
2. Configure a minimal single-user IMAP setup with passdb static / userdb static, SSL on port 993 with a self-signed cert, Maildir storage (config at end of this mail).
3. Start Dovecot as root via launchd (sudo brew services start dovecot).
4. Connect any IMAP client to localhost:993 (I used Thunderbird 149 with a permanent cert exception for the self-signed certificate).
5. The client hangs / reports "server closed the connection" / sees no folders.
6. dovecot.log fills with repeated entries like the following:

anvil: Warning: conn unix:anvil (uid=0): Handshake with duplicate
service=imap-login pid=-1 - replacing the old connection
anvil: Panic: file anvil-connection.c: line 727: unreached
anvil: Error: Raw backtrace: 0 libdovecot.0.dylib backtrace_append + 72 ->
1 libdovecot.0.dylib backtrace_get + 44 -> 2 libdovecot.0.dylib
default_fatal_finish + 72 -> 3 libdovecot.0.dylib default_error_handler ->
4 libdovecot.0.dylib i_internal_error_handler -> 5 libdovecot.0.dylib
i_fatal -> 6 libdovecot.0.dylib default_write -> 7 anvil
anvil_connection_input_line -> 8 libdovecot.0.dylib
connection_input_read_stream + 196 -> 9 libdovecot.0.dylib
connection_input_default + 72 -> 10 libdovecot.0.dylib io_loop_call_io +
116 -> 11 libdovecot.0.dylib io_loop_handler_run_internal + 284 -> 12
libdovecot.0.dylib io_loop_handler_run + 220 -> 13 libdovecot.0.dylib
io_loop_run + 88 -> 14 libdovecot.0.dylib master_service_run + 292 -> 15
anvil main + 368 -> 16 dyld start + 6076
anvil: Fatal: master: service(anvil): child NNNN killed with signal 6
(core dumps disabled)

The key signature is the two-line sequence:

Warning: conn unix:anvil (uid=0): Handshake with duplicate
service=imap-login pid=-1 - replacing the old connection
Panic: file anvil-connection.c: line 727: unreached

Every IMAP client handshake produces this. The pid=-1 in the handshake warning looks suspicious -- it appears anvil is either not receiving a valid pid from imap-login or is registering a second connection with the same service name before the first is cleaned up.

Workarounds attempted (none succeeded)

• User-level setup with default_login_user=andreas -> same panic
• Root-level setup with default_login_user=andreas -> same panic
• Root-level setup with default_login_user=_www (unprivileged macOS service account with uid=70) -> same panic
• Adding default_vsz_limit = unlimited (required separately on macOS because setrlimit(RLIMIT_DATA) fails with EINVAL on Darwin) -> did not affect anvil
• Plaintext IMAP on 143 (no TLS) vs. IMAPS on 993 with self-signed cert -> same panic in both
• Restarting Dovecot via launchd (sudo brew services stop/start dovecot) -> the panic recurs on the next connection

doveconf -n output

# 2.4.3 (e278b1e09b): /opt/homebrew/etc/dovecot/dovecot.conf
# Pigeonhole version 2.4.3 (0bf9ee48)
# OS: Darwin 24.6.0 arm64  apfs
# Hostname: macbook-air-von-andreas.local
dovecot_config_version = 2.4.3
auth_mechanisms = plain login
default_internal_group = _www
default_internal_user = _www
default_login_user = _www
default_vsz_limit = unlimited
dovecot_storage_version = 2.4.3
info_log_path = /opt/homebrew/var/log/dovecot/dovecot-info.log
listen = 127.0.0.1
log_path = /opt/homebrew/var/log/dovecot/dovecot.log
mail_driver = maildir
mail_gid = staff
mail_home = /Users/andreas/mail/%{user}
mail_path = /Users/andreas/mail/%{user}
mail_uid = andreas
protocols = imap
ssl_server {
  cert_file = /opt/homebrew/etc/dovecot/ssl/dovecot.crt
  key_file = /opt/homebrew/etc/dovecot/ssl/dovecot.key
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
passdb static {
  password = # hidden
}
userdb static {
  fields {
    gid = staff
    home = /Users/andreas/mail/%{user}
    uid = andreas
  }
}
namespace inbox {
  mailbox_list_layout = fs
  inbox = yes
  prefix =
  separator = /
}

What I would expect

The anvil connection from imap-login should register with a valid pid (not -1) or anvil should tolerate the re-registration gracefully instead of hitting an i_unreached() assertion.

Note on dovecot-sysreport

Running dovecot-sysreport as the normal user fails with permission errors on /opt/homebrew/var/run/dovecot/* sockets (log-errors, master). The grep -P usage inside the script also fails on BSD grep (macOS). Let me know if a sysreport archive would be useful -- I can re-run with sudo and adjust grep if needed. Happy to provide further reproduction details, additional log output, or test any fix suggestions. Thanks for Dovecot. Andreas Marth I-K-D-T@web.de