@bryancall It seems to me that streams are not removed from `stream_list` when ATS *sends* RST_STREAM frames. This explains the `find_stream` mystery @shinrich pointed out.
I have no idea what changes led to the crash and how the crash occurred, but here's my assumption: I assume `stream` is not nullptr and the stream state is CLOSED, because your patch checks those. Because newly created streams cannot be in the CLOSED state here, the stream should be receiving a second HEADERS frame in the CLOSED state. This suggests that `cstate.is_valid_streamid(stream_id)` was `true` and `stream == nullptr` was `true` too. If `stream->has_trailing_header()` was `false`, an Http2Error would have been returned, but it wasn't. So the requests should have trailing headers. Can you confirm this? If ATS sent a RST_STREAM frame before receiving trailing headers (second HEADERS frame), it would reach here with the conditions (valid stream id and closed state) because we can find the stream from `stream_list`. But I don't understand how it crashes with a stream that is still alive.

[ Full content available at: https://github.com/apache/trafficserver/pull/4225 ]
This message was relayed via gitbox.apache.org for devnull@infra.apache.org