> On 09 Dec 2015, at 10:55, Peter Eriksson <pe...@ifm.liu.se> wrote:
>
> Just found a coredump from the imap process for one of our users on dovecot 2.2.19 on a Solaris 10/x86 system:
>
>> Dec 8 14:33:17 mail dovecot: [ID 583609 mail.crit] imap(leijo): Fatal: master: service(imap): child 14465 killed with signal 11 (core dumped)
>
> Please find attached dovecot -n output and some gdb backtrace. It seems that cmd->client was NULL when dereferencing it at line 178 in imap-commands.c (in the function command_exec):
>
>> 178 cmd->bytes_in +=
>> i_stream_get_absolute_offset(cmd->client->input) -
>> 179 cmd_start_bytes_in;
>
> Please let me know if you need more information. I don't know what the user was doing at that specific time.

That's pretty strange. The command seems to have been freed too early. v2.2.20 has some changes related to this, but I don't think it fixed a bug exactly like this. I added some new asserts to try to catch this earlier: http://hg.dovecot.org/dovecot-2.2/rev/4535ac0b8ab1
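
The failure class discussed in this thread (a command torn down while its own handler is still running, followed by post-handler byte accounting through `cmd->client`) can be shown in a small model. This is an added example, not code from the thread or from Dovecot: the structures, the reference count, `handler_finishes_command` and `command_exec_guarded` are hypothetical stand-ins, and the 42-byte input is constructed. It pins the command for the duration of the handler and asserts its state before the accounting runs.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-ins; these are not Dovecot's structures. */
struct client { size_t input_offset; };
struct command {
    struct client *client;            /* cleared when the command is torn down */
    int refcount;
    size_t bytes_in;
    bool (*func)(struct command *cmd);
};
static int live_commands;             /* allocated commands, for leak checking */

static struct command *command_new(struct client *c, bool (*func)(struct command *)) {
    struct command *cmd = calloc(1, sizeof(*cmd));
    if (cmd == NULL) abort();
    cmd->client = c; cmd->refcount = 1; cmd->func = func;
    live_commands++;
    return cmd;
}
static void command_unref(struct command *cmd) {
    assert(cmd->refcount > 0);
    if (--cmd->refcount > 0) return;
    cmd->client = NULL;
    free(cmd);
    live_commands--;
}
/* Constructed handler: consumes 42 bytes, then drops the owner's reference mid-exec. */
static bool handler_finishes_command(struct command *cmd) {
    cmd->client->input_offset += 42;
    command_unref(cmd);
    return true;
}
/* Pins the command across the handler call; returns the bytes accounted. */
static size_t command_exec_guarded(struct command *cmd) {
    struct client *client = cmd->client;
    size_t start = client->input_offset, counted;
    cmd->refcount++;                  /* our own reference */
    cmd->func(cmd);
    assert(cmd->refcount > 0 && cmd->client == client); /* fail here, not at the dereference */
    cmd->bytes_in += client->input_offset - start;
    counted = cmd->bytes_in;
    command_unref(cmd);               /* last reference: the command is freed here */
    return counted;
}
int main(void) {
    struct client c = {0};
    return command_exec_guarded(command_new(&c, handler_finishes_command)) == 42 ? 0 : 1;
}
```

Without the extra reference taken in `command_exec_guarded`, the handler's `command_unref` would free the command and the accounting line would read a torn-down object.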