dgquintas · September 8, 2015 22:04
diff --git a/gistfile1.txt b/gistfile1.txt
 [ RUN      ] End2endTest.BlockingAuthMetadataProcessorFailure
 E0908 19:39:14.345447789   12252 tcp_client_posix.c:159]     socket error: connection refused
 D0908 19:39:24.430909213   12252 iomgr.c:171]                Failed to free 0 iomgr objects before shutdown deadline: memory leaks are likely
 =================================================================
 ==12252==ERROR: AddressSanitizer: heap-use-after-free on address 0x6210000de1e0 at pc 0x000000a5be6e bp 0x7fd07de0c270 sp 0x7fd07de0c268
 READ of size 8 at 0x6210000de1e0 thread T327
    #0 0xa5be6d in grpc_metadata_array_destroy /var/local/git/grpc/src/core/surface/metadata_array.c:44:3
    #1 0xd2568c in on_md_processing_done /var/local/git/grpc/src/core/security/server_auth_filter.c:142:3
    #2 0x837626 in grpc::AuthMetadataProcessorAyncWrapper::InvokeProcessor(grpc_auth_context*, grpc_metadata const*, unsigned long, void (*)(void*, grpc_metadata const*, unsigned long, grpc_metadata const*, unsigned long, grpc_status_code, char const*), void*) /var/local/git/grpc/src/cpp/server/secure_server_credentials.cc:104:3
    #3 0x857a5a in void std::_Mem_fn<void (grpc::AuthMetadataProcessorAyncWrapper::*)(grpc_auth_context*, grpc_metadata const*, unsigned long, void (*)(void*, grpc_metadata const*, unsigned long, grpc_metadata const*, unsigned long, grpc_status_code, char const*), void*)>::operator()<grpc_auth_context*&, grpc_metadata const*&, unsigned long&, void (*&)(void*, grpc_metadata const*, unsigned long, grpc_metadata const*, unsigned long, grpc_status_code, char const*), void*&, void>(grpc::AuthMetadataProcessorAyncWrapper*, grpc_auth_context*&, grpc_metadata const*&, unsigned long&, void (*&)(void*, grpc_metadata const*, unsigned long, grpc_metadata const*, unsigned long, grpc_status_code, char const*), void*&) const /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:569:11
    #4 0x857224 in void std::_Bind<std::_Mem_fn<void (grpc::AuthMetadataProcessorAyncWrapper::*)(grpc_auth_context*, grpc_metadata const*, unsigned long, void (*)(void*, grpc_metadata const*, unsigned long, grpc_metadata const*, unsigned long, grpc_status_code, char const*), void*)> (grpc::AuthMetadataProcessorAyncWrapper*, grpc_auth_context*, grpc_metadata const*, unsigned long, void (*)(void*, grpc_metadata const*, unsigned long, grpc_metadata const*, unsigned long, grpc_status_code, char const*), void*)>::__call<void, , 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(std::tuple<>&&, std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>) /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:1263:11
    #5 0x856d0a in void std::_Bind<std::_Mem_fn<void (grpc::AuthMetadataProcessorAyncWrapper::*)(grpc_auth_context*, grpc_metadata const*, unsigned long, void (*)(void*, grpc_metadata const*, unsigned long, grpc_metadata const*, unsigned long, grpc_status_code, char const*), void*)> (grpc::AuthMetadataProcessorAyncWrapper*, grpc_auth_context*, grpc_metadata const*, unsigned long, void (*)(void*, grpc_metadata const*, unsigned long, grpc_metadata const*, unsigned long, grpc_status_code, char const*), void*)>::operator()<, void>() /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:1321:11
    #6 0x855ca0 in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (grpc::AuthMetadataProcessorAyncWrapper::*)(grpc_auth_context*, grpc_metadata const*, unsigned long, void (*)(void*, grpc_metadata const*, unsigned long, grpc_metadata const*, unsigned long, grpc_status_code, char const*), void*)> (grpc::AuthMetadataProcessorAyncWrapper*, grpc_auth_context*, grpc_metadata const*, unsigned long, void (*)(void*, grpc_metadata const*, unsigned long, grpc_metadata const*, unsigned long, grpc_status_code, char const*), void*)> >::_M_invoke(std::_Any_data const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:2039:4
    #7 0x8ac867 in std::function<void ()>::operator()() const /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:2439:14
    #8 0x8a7995 in grpc::DynamicThreadPool::ThreadFunc() /var/local/git/grpc/src/cpp/server/dynamic_thread_pool.cc:81:7
    #9 0x8a6c5d in grpc::DynamicThreadPool::DynamicThread::ThreadFunc() /var/local/git/grpc/src/cpp/server/dynamic_thread_pool.cc:50:3
    #10 0x8cada9 in void std::_Mem_fn<void (grpc::DynamicThreadPool::DynamicThread::*)()>::operator()<, void>(grpc::DynamicThreadPool::DynamicThread*) const /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:569:11
    #11 0x8ca96e in void std::_Bind_simple<std::_Mem_fn<void (grpc::DynamicThreadPool::DynamicThread::*)()> (grpc::DynamicThreadPool::DynamicThread*)>::_M_invoke<0ul>(std::_Index_tuple<0ul>) /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:1699:18
    #12 0x8ca7a2 in std::_Bind_simple<std::_Mem_fn<void (grpc::DynamicThreadPool::DynamicThread::*)()> (grpc::DynamicThreadPool::DynamicThread*)>::operator()() /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:1688:16
    #13 0x8ca632 in std::thread::_Impl<std::_Bind_simple<std::_Mem_fn<void (grpc::DynamicThreadPool::DynamicThread::*)()> (grpc::DynamicThreadPool::DynamicThread*)> >::_M_run() /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/thread:115:13
    #14 0x7fd09118496f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb696f)
    #15 0x7fd0918060a3 in start_thread /build/glibc-Ir_s5K/glibc-2.19/nptl/pthread_create.c:309
    #16 0x7fd090bf504c in clone /build/glibc-Ir_s5K/glibc-2.19/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:111

 0x6210000de1e0 is located 3296 bytes inside of 4616-byte region [0x6210000dd500,0x6210000de708)
 freed by thread T0 here:
    #0 0x5e5c5b in free (/var/local/git/grpc/bins/asan/end2end_test+0x5e5c5b)
    #1 0xe5d038 in gpr_free /var/local/git/grpc/src/core/support/alloc.c:47:26
    #2 0x95e0b0 in destroy_call /var/local/git/grpc/src/core/surface/call.c:496:3
    #3 0x95cfdd in grpc_call_internal_unref /var/local/git/grpc/src/core/surface/call.c:509:7
    #4 0x96112c in grpc_call_destroy /var/local/git/grpc/src/core/surface/call.c:1319:3
    #5 0xad84c8 in kill_zombie /var/local/git/grpc/src/core/surface/server.c:312:3
    #6 0xa2f17d in grpc_maybe_call_delayed_callbacks /var/local/git/grpc/src/core/iomgr/iomgr.c:273:5
    #7 0xa8ea87 in grpc_pollset_work /var/local/git/grpc/src/core/iomgr/pollset_posix.c:181:7
    #8 0x9bab33 in grpc_completion_queue_pluck /var/local/git/grpc/src/core/surface/completion_queue.c:302:5
    #9 0x89ecf6 in grpc::CompletionQueue::Pluck(grpc::CompletionQueueTag*) /var/local/git/grpc/src/cpp/common/completion_queue.cc:76:13
    #10 0x7bec39 in grpc::Status grpc::BlockingUnaryCall<grpc::cpp::test::util::EchoRequest, grpc::cpp::test::util::EchoResponse>(grpc::Channel*, grpc::RpcMethod const&, grpc::ClientContext*, grpc::cpp::test::util::EchoRequest const&, grpc::cpp::test::util::EchoResponse*) /var/local/git/grpc/include/grpc++/impl/client_unary_call.h:68:15
    #11 0x7af478 in grpc::cpp::test::util::TestService::Stub::Echo(grpc::ClientContext*, grpc::cpp::test::util::EchoRequest const&, grpc::cpp::test::util::EchoResponse*) /var/local/git/grpc/gens/test/cpp/util/echo.grpc.pb.cc:42:10
    #12 0x635812 in grpc::testing::End2endTest_BlockingAuthMetadataProcessorFailure_Test::TestBody() /var/local/git/grpc/test/cpp/end2end/end2end_test.cc:950:14
    #13 0x12b80b8 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /var/local/git/grpc/third_party/googletest/src/gtest.cc:2078:10
    #14 0x12356fb in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /var/local/git/grpc/third_party/googletest/src/gtest.cc:2114:14
    #15 0x11b2f94 in testing::Test::Run() /var/local/git/grpc/third_party/googletest/src/gtest.cc:2150:5
    #16 0x11b7e49 in testing::TestInfo::Run() /var/local/git/grpc/third_party/googletest/src/gtest.cc:2326:5
    #17 0x11bb2f9 in testing::TestCase::Run() /var/local/git/grpc/third_party/googletest/src/gtest.cc:2444:5
    #18 0x11e181e in testing::internal::UnitTestImpl::RunAllTests() /var/local/git/grpc/third_party/googletest/src/gtest.cc:4315:11
    #19 0x12982f8 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /var/local/git/grpc/third_party/googletest/src/gtest.cc:2078:10
    #20 0x12473c1 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /var/local/git/grpc/third_party/googletest/src/gtest.cc:2114:14
    #21 0x11e00e2 in testing::UnitTest::Run() /var/local/git/grpc/third_party/googletest/src/gtest.cc:3926:10
    #22 0x66caf0 in RUN_ALL_TESTS() /var/local/git/grpc/third_party/googletest/include/gtest/gtest.h:2288:10
    #23 0x6444f6 in main /var/local/git/grpc/test/cpp/end2end/end2end_test.cc:1103:10
    #24 0x7fd090b30b44 in __libc_start_main /build/glibc-Ir_s5K/glibc-2.19/csu/libc-start.c:287

 previously allocated by thread T336 here:
    #0 0x5e5edb in __interceptor_malloc (/var/local/git/grpc/bins/asan/end2end_test+0x5e5edb)
    #1 0xe5ce51 in gpr_malloc /var/local/git/grpc/src/core/support/alloc.c:40:13
    #2 0x9541ba in grpc_call_create /var/local/git/grpc/src/core/surface/call.c:319:7
    #3 0xacf8a6 in accept_stream /var/local/git/grpc/src/core/surface/server.c:647:3
    #4 0x98cbd1 in grpc_chttp2_parsing_accept_stream /var/local/git/grpc/src/core/transport/chttp2_transport.c:481:3
    #5 0xa756f6 in init_header_frame_parser /var/local/git/grpc/src/core/transport/chttp2/parsing.c:672:9
    #6 0xa7286d in init_frame_parser /var/local/git/grpc/src/core/transport/chttp2/parsing.c:445:14
    #7 0xa70ad7 in grpc_chttp2_perform_read /var/local/git/grpc/src/core/transport/chttp2/parsing.c:357:12
    #8 0x993a0c in recv_data_loop /var/local/git/grpc/src/core/transport/chttp2_transport.c:1112:12
    #9 0x993292 in recv_data /var/local/git/grpc/src/core/transport/chttp2_transport.c:1174:10
    #10 0xaabe2e in call_read_cb /var/local/git/grpc/src/core/security/secure_endpoint.c:135:3
    #11 0xaab70a in on_read_cb /var/local/git/grpc/src/core/security/secure_endpoint.c:212:3
    #12 0xb6f97a in call_read_cb /var/local/git/grpc/src/core/iomgr/tcp_posix.c:157:3
    #13 0xb71920 in tcp_continue_read /var/local/git/grpc/src/core/iomgr/tcp_posix.c:224:5
    #14 0xb6c219 in tcp_handle_read /var/local/git/grpc/src/core/iomgr/tcp_posix.c:240:5
    #15 0xc87931 in process_callback /var/local/git/grpc/src/core/iomgr/fd_posix.c:251:5
    #16 0xc83064 in process_callbacks /var/local/git/grpc/src/core/iomgr/fd_posix.c:261:5
    #17 0xc86bc2 in set_ready /var/local/git/grpc/src/core/iomgr/fd_posix.c:342:5
    #18 0xc865aa in grpc_fd_become_readable /var/local/git/grpc/src/core/iomgr/fd_posix.c:453:3
    #19 0xccbf5a in multipoll_with_epoll_pollset_maybe_work /var/local/git/grpc/src/core/iomgr/pollset_multipoller_with_epoll.c:213:15
    #20 0xa8f3bc in grpc_pollset_work /var/local/git/grpc/src/core/iomgr/pollset_posix.c:194:5
    #21 0x9b88a4 in grpc_completion_queue_next /var/local/git/grpc/src/core/surface/completion_queue.c:210:5
    #22 0x89df4a in grpc::CompletionQueue::AsyncNextInternal(void**, bool*, gpr_timespec) /var/local/git/grpc/src/cpp/common/completion_queue.cc:56:15
    #23 0x668a1d in grpc::CompletionQueue::Next(void**, bool*) /var/local/git/grpc/include/grpc++/completion_queue.h:127:13
    #24 0x8e1a7e in grpc::Server::SyncRequest::Wait(grpc::CompletionQueue*, bool*) /var/local/git/grpc/src/cpp/server/server.cc:132:10
    #25 0x8d9fb9 in grpc::Server::RunRpc() /var/local/git/grpc/src/cpp/server/server.cc:536:15
    #26 0x8e4f29 in void std::_Mem_fn<void (grpc::Server::*)()>::operator()<, void>(grpc::Server*) const /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:569:11
    #27 0x8e4c5e in void std::_Bind<std::_Mem_fn<void (grpc::Server::*)()> (grpc::Server*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:1263:11
    #28 0x8e4a0a in void std::_Bind<std::_Mem_fn<void (grpc::Server::*)()> (grpc::Server*)>::operator()<, void>() /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:1321:11
    #29 0x8e39a0 in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (grpc::Server::*)()> (grpc::Server*)> >::_M_invoke(std::_Any_data const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:2039:4

 Thread T327 created by T0 here:
    #0 0x5cdb0f in pthread_create (/var/local/git/grpc/bins/asan/end2end_test+0x5cdb0f)
    #1 0x7fd091184a90 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb6a90)

 Thread T336 created by T0 here:
    #0 0x5cdb0f in pthread_create (/var/local/git/grpc/bins/asan/end2end_test+0x5cdb0f)
    #1 0x7fd091184a90 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb6a90)

 SUMMARY: AddressSanitizer: heap-use-after-free /var/local/git/grpc/src/core/surface/metadata_array.c:44 grpc_metadata_array_destroy
 Shadow bytes around the buggy address:
  0x0c4280013be0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280013bf0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280013c00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280013c10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280013c20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 =>0x0c4280013c30: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd
  0x0c4280013c40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280013c50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280013c60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280013c70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280013c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  ASan internal:           fe
 ==12252==ABORTING
	[ RUN ] End2endTest.BlockingAuthMetadataProcessorFailure
	E0908 19:39:14.345447789 12252 tcp_client_posix.c:159] socket error: connection refused
	D0908 19:39:24.430909213 12252 iomgr.c:171] Failed to free 0 iomgr objects before shutdown deadline: memory leaks are likely
	=================================================================
	==12252==ERROR: AddressSanitizer: heap-use-after-free on address 0x6210000de1e0 at pc 0x000000a5be6e bp 0x7fd07de0c270 sp 0x7fd07de0c268
	READ of size 8 at 0x6210000de1e0 thread T327
	#0 0xa5be6d in grpc_metadata_array_destroy /var/local/git/grpc/src/core/surface/metadata_array.c:44:3
	#1 0xd2568c in on_md_processing_done /var/local/git/grpc/src/core/security/server_auth_filter.c:142:3
	#2 0x837626 in grpc::AuthMetadataProcessorAyncWrapper::InvokeProcessor(grpc_auth_context, grpc_metadata const, unsigned long, void ()(void, grpc_metadata const, unsigned long, grpc_metadata const, unsigned long, grpc_status_code, char const), void) /var/local/git/grpc/src/cpp/server/secure_server_credentials.cc:104:3
	#3 0x857a5a in void std::_Mem_fn<void (grpc::AuthMetadataProcessorAyncWrapper::)(grpc_auth_context, grpc_metadata const, unsigned long, void ()(void, grpc_metadata const, unsigned long, grpc_metadata const, unsigned long, grpc_status_code, char const), void)>::operator()<grpc_auth_context&, grpc_metadata const&, unsigned long&, void (&)(void, grpc_metadata const, unsigned long, grpc_metadata const, unsigned long, grpc_status_code, char const), void&, void>(grpc::AuthMetadataProcessorAyncWrapper, grpc_auth_context&, grpc_metadata const&, unsigned long&, void (&)(void, grpc_metadata const, unsigned long, grpc_metadata const, unsigned long, grpc_status_code, char const), void&) const /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:569:11
	#4 0x857224 in void std::_Bind<std::_Mem_fn<void (grpc::AuthMetadataProcessorAyncWrapper::)(grpc_auth_context, grpc_metadata const, unsigned long, void ()(void, grpc_metadata const, unsigned long, grpc_metadata const, unsigned long, grpc_status_code, char const), void)> (grpc::AuthMetadataProcessorAyncWrapper, grpc_auth_context, grpc_metadata const, unsigned long, void ()(void, grpc_metadata const, unsigned long, grpc_metadata const, unsigned long, grpc_status_code, char const), void)>::__call<void, , 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(std::tuple<>&&, std::_Index_tuple<0ul, 1ul, 2ul, 3ul, 4ul, 5ul>) /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:1263:11
	#5 0x856d0a in void std::_Bind<std::_Mem_fn<void (grpc::AuthMetadataProcessorAyncWrapper::)(grpc_auth_context, grpc_metadata const, unsigned long, void ()(void, grpc_metadata const, unsigned long, grpc_metadata const, unsigned long, grpc_status_code, char const), void)> (grpc::AuthMetadataProcessorAyncWrapper, grpc_auth_context, grpc_metadata const, unsigned long, void ()(void, grpc_metadata const, unsigned long, grpc_metadata const, unsigned long, grpc_status_code, char const), void)>::operator()<, void>() /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:1321:11
	#6 0x855ca0 in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (grpc::AuthMetadataProcessorAyncWrapper::)(grpc_auth_context, grpc_metadata const, unsigned long, void ()(void, grpc_metadata const, unsigned long, grpc_metadata const, unsigned long, grpc_status_code, char const), void)> (grpc::AuthMetadataProcessorAyncWrapper, grpc_auth_context, grpc_metadata const, unsigned long, void ()(void, grpc_metadata const, unsigned long, grpc_metadata const, unsigned long, grpc_status_code, char const), void)> >::_M_invoke(std::_Any_data const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:2039:4
	#7 0x8ac867 in std::function<void ()>::operator()() const /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:2439:14
	#8 0x8a7995 in grpc::DynamicThreadPool::ThreadFunc() /var/local/git/grpc/src/cpp/server/dynamic_thread_pool.cc:81:7
	#9 0x8a6c5d in grpc::DynamicThreadPool::DynamicThread::ThreadFunc() /var/local/git/grpc/src/cpp/server/dynamic_thread_pool.cc:50:3
	#10 0x8cada9 in void std::_Mem_fn<void (grpc::DynamicThreadPool::DynamicThread::)()>::operator()<, void>(grpc::DynamicThreadPool::DynamicThread) const /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:569:11
	#11 0x8ca96e in void std::_Bind_simple<std::_Mem_fn<void (grpc::DynamicThreadPool::DynamicThread::)()> (grpc::DynamicThreadPool::DynamicThread)>::_M_invoke<0ul>(std::_Index_tuple<0ul>) /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:1699:18
	#12 0x8ca7a2 in std::_Bind_simple<std::_Mem_fn<void (grpc::DynamicThreadPool::DynamicThread::)()> (grpc::DynamicThreadPool::DynamicThread)>::operator()() /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:1688:16
	#13 0x8ca632 in std::thread::_Impl<std::_Bind_simple<std::_Mem_fn<void (grpc::DynamicThreadPool::DynamicThread::)()> (grpc::DynamicThreadPool::DynamicThread)> >::_M_run() /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/thread:115:13
	#14 0x7fd09118496f (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb696f)
	#15 0x7fd0918060a3 in start_thread /build/glibc-Ir_s5K/glibc-2.19/nptl/pthread_create.c:309
	#16 0x7fd090bf504c in clone /build/glibc-Ir_s5K/glibc-2.19/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:111

	0x6210000de1e0 is located 3296 bytes inside of 4616-byte region [0x6210000dd500,0x6210000de708)
	freed by thread T0 here:
	#0 0x5e5c5b in free (/var/local/git/grpc/bins/asan/end2end_test+0x5e5c5b)
	#1 0xe5d038 in gpr_free /var/local/git/grpc/src/core/support/alloc.c:47:26
	#2 0x95e0b0 in destroy_call /var/local/git/grpc/src/core/surface/call.c:496:3
	#3 0x95cfdd in grpc_call_internal_unref /var/local/git/grpc/src/core/surface/call.c:509:7
	#4 0x96112c in grpc_call_destroy /var/local/git/grpc/src/core/surface/call.c:1319:3
	#5 0xad84c8 in kill_zombie /var/local/git/grpc/src/core/surface/server.c:312:3
	#6 0xa2f17d in grpc_maybe_call_delayed_callbacks /var/local/git/grpc/src/core/iomgr/iomgr.c:273:5
	#7 0xa8ea87 in grpc_pollset_work /var/local/git/grpc/src/core/iomgr/pollset_posix.c:181:7
	#8 0x9bab33 in grpc_completion_queue_pluck /var/local/git/grpc/src/core/surface/completion_queue.c:302:5
	#9 0x89ecf6 in grpc::CompletionQueue::Pluck(grpc::CompletionQueueTag*) /var/local/git/grpc/src/cpp/common/completion_queue.cc:76:13
	#10 0x7bec39 in grpc::Status grpc::BlockingUnaryCall<grpc::cpp::test::util::EchoRequest, grpc::cpp::test::util::EchoResponse>(grpc::Channel, grpc::RpcMethod const&, grpc::ClientContext, grpc::cpp::test::util::EchoRequest const&, grpc::cpp::test::util::EchoResponse*) /var/local/git/grpc/include/grpc++/impl/client_unary_call.h:68:15
	#11 0x7af478 in grpc::cpp::test::util::TestService::Stub::Echo(grpc::ClientContext, grpc::cpp::test::util::EchoRequest const&, grpc::cpp::test::util::EchoResponse) /var/local/git/grpc/gens/test/cpp/util/echo.grpc.pb.cc:42:10
	#12 0x635812 in grpc::testing::End2endTest_BlockingAuthMetadataProcessorFailure_Test::TestBody() /var/local/git/grpc/test/cpp/end2end/end2end_test.cc:950:14
	#13 0x12b80b8 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test, void (testing::Test::)(), char const*) /var/local/git/grpc/third_party/googletest/src/gtest.cc:2078:10
	#14 0x12356fb in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test, void (testing::Test::)(), char const*) /var/local/git/grpc/third_party/googletest/src/gtest.cc:2114:14
	#15 0x11b2f94 in testing::Test::Run() /var/local/git/grpc/third_party/googletest/src/gtest.cc:2150:5
	#16 0x11b7e49 in testing::TestInfo::Run() /var/local/git/grpc/third_party/googletest/src/gtest.cc:2326:5
	#17 0x11bb2f9 in testing::TestCase::Run() /var/local/git/grpc/third_party/googletest/src/gtest.cc:2444:5
	#18 0x11e181e in testing::internal::UnitTestImpl::RunAllTests() /var/local/git/grpc/third_party/googletest/src/gtest.cc:4315:11
	#19 0x12982f8 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl, bool (testing::internal::UnitTestImpl::)(), char const*) /var/local/git/grpc/third_party/googletest/src/gtest.cc:2078:10
	#20 0x12473c1 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl, bool (testing::internal::UnitTestImpl::)(), char const*) /var/local/git/grpc/third_party/googletest/src/gtest.cc:2114:14
	#21 0x11e00e2 in testing::UnitTest::Run() /var/local/git/grpc/third_party/googletest/src/gtest.cc:3926:10
	#22 0x66caf0 in RUN_ALL_TESTS() /var/local/git/grpc/third_party/googletest/include/gtest/gtest.h:2288:10
	#23 0x6444f6 in main /var/local/git/grpc/test/cpp/end2end/end2end_test.cc:1103:10
	#24 0x7fd090b30b44 in __libc_start_main /build/glibc-Ir_s5K/glibc-2.19/csu/libc-start.c:287

	previously allocated by thread T336 here:
	#0 0x5e5edb in __interceptor_malloc (/var/local/git/grpc/bins/asan/end2end_test+0x5e5edb)
	#1 0xe5ce51 in gpr_malloc /var/local/git/grpc/src/core/support/alloc.c:40:13
	#2 0x9541ba in grpc_call_create /var/local/git/grpc/src/core/surface/call.c:319:7
	#3 0xacf8a6 in accept_stream /var/local/git/grpc/src/core/surface/server.c:647:3
	#4 0x98cbd1 in grpc_chttp2_parsing_accept_stream /var/local/git/grpc/src/core/transport/chttp2_transport.c:481:3
	#5 0xa756f6 in init_header_frame_parser /var/local/git/grpc/src/core/transport/chttp2/parsing.c:672:9
	#6 0xa7286d in init_frame_parser /var/local/git/grpc/src/core/transport/chttp2/parsing.c:445:14
	#7 0xa70ad7 in grpc_chttp2_perform_read /var/local/git/grpc/src/core/transport/chttp2/parsing.c:357:12
	#8 0x993a0c in recv_data_loop /var/local/git/grpc/src/core/transport/chttp2_transport.c:1112:12
	#9 0x993292 in recv_data /var/local/git/grpc/src/core/transport/chttp2_transport.c:1174:10
	#10 0xaabe2e in call_read_cb /var/local/git/grpc/src/core/security/secure_endpoint.c:135:3
	#11 0xaab70a in on_read_cb /var/local/git/grpc/src/core/security/secure_endpoint.c:212:3
	#12 0xb6f97a in call_read_cb /var/local/git/grpc/src/core/iomgr/tcp_posix.c:157:3
	#13 0xb71920 in tcp_continue_read /var/local/git/grpc/src/core/iomgr/tcp_posix.c:224:5
	#14 0xb6c219 in tcp_handle_read /var/local/git/grpc/src/core/iomgr/tcp_posix.c:240:5
	#15 0xc87931 in process_callback /var/local/git/grpc/src/core/iomgr/fd_posix.c:251:5
	#16 0xc83064 in process_callbacks /var/local/git/grpc/src/core/iomgr/fd_posix.c:261:5
	#17 0xc86bc2 in set_ready /var/local/git/grpc/src/core/iomgr/fd_posix.c:342:5
	#18 0xc865aa in grpc_fd_become_readable /var/local/git/grpc/src/core/iomgr/fd_posix.c:453:3
	#19 0xccbf5a in multipoll_with_epoll_pollset_maybe_work /var/local/git/grpc/src/core/iomgr/pollset_multipoller_with_epoll.c:213:15
	#20 0xa8f3bc in grpc_pollset_work /var/local/git/grpc/src/core/iomgr/pollset_posix.c:194:5
	#21 0x9b88a4 in grpc_completion_queue_next /var/local/git/grpc/src/core/surface/completion_queue.c:210:5
	#22 0x89df4a in grpc::CompletionQueue::AsyncNextInternal(void*, bool, gpr_timespec) /var/local/git/grpc/src/cpp/common/completion_queue.cc:56:15
	#23 0x668a1d in grpc::CompletionQueue::Next(void*, bool) /var/local/git/grpc/include/grpc++/completion_queue.h:127:13
	#24 0x8e1a7e in grpc::Server::SyncRequest::Wait(grpc::CompletionQueue, bool) /var/local/git/grpc/src/cpp/server/server.cc:132:10
	#25 0x8d9fb9 in grpc::Server::RunRpc() /var/local/git/grpc/src/cpp/server/server.cc:536:15
	#26 0x8e4f29 in void std::_Mem_fn<void (grpc::Server::)()>::operator()<, void>(grpc::Server) const /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:569:11
	#27 0x8e4c5e in void std::_Bind<std::_Mem_fn<void (grpc::Server::)()> (grpc::Server)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:1263:11
	#28 0x8e4a0a in void std::_Bind<std::_Mem_fn<void (grpc::Server::)()> (grpc::Server)>::operator()<, void>() /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:1321:11
	#29 0x8e39a0 in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (grpc::Server::)()> (grpc::Server)> >::_M_invoke(std::_Any_data const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9/../../../../include/c++/4.9/functional:2039:4

	Thread T327 created by T0 here:
	#0 0x5cdb0f in pthread_create (/var/local/git/grpc/bins/asan/end2end_test+0x5cdb0f)
	#1 0x7fd091184a90 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb6a90)

	Thread T336 created by T0 here:
	#0 0x5cdb0f in pthread_create (/var/local/git/grpc/bins/asan/end2end_test+0x5cdb0f)
	#1 0x7fd091184a90 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xb6a90)

	SUMMARY: AddressSanitizer: heap-use-after-free /var/local/git/grpc/src/core/surface/metadata_array.c:44 grpc_metadata_array_destroy
	Shadow bytes around the buggy address:
	0x0c4280013be0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
	0x0c4280013bf0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
	0x0c4280013c00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
	0x0c4280013c10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
	0x0c4280013c20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
	=>0x0c4280013c30: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd
	0x0c4280013c40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
	0x0c4280013c50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
	0x0c4280013c60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
	0x0c4280013c70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
	0x0c4280013c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
	Shadow byte legend (one shadow byte represents 8 application bytes):
	Addressable: 00
	Partially addressable: 01 02 03 04 05 06 07
	Heap left redzone: fa
	Heap right redzone: fb
	Freed heap region: fd
	Stack left redzone: f1
	Stack mid redzone: f2
	Stack right redzone: f3
	Stack partial redzone: f4
	Stack after return: f5
	Stack use after scope: f8
	Global redzone: f9
	Global init order: f6
	Poisoned by user: f7
	Container overflow: fc
	ASan internal: fe
	==12252==ABORTING