Abort in uv__async_send

[renatahodovan]

IoT.js version:

Checked revision: bc9a5da

Build command: CC=clang-7 \
tools/build.py --clean \
--buildtype=debug \
--compile-flag="-D'IOTJS_ASSERT(x)=assert(x)'" \
--compile-flag=-O2 --compile-flag=-fno-common --no-snapshot \
--compile-flag=-fsanitize=address --compile-flag=-fno-omit-frame-pointer \
--jerry-cmake-param=-DFEATURE_SYSTEM_ALLOCATOR=ON --target-arch=i686 \
--profile=test/profiles/host-linux.profile --jerry-profile=es2015-subset \
--jerry-cmake-param=-DEXTERNAL_COMPILE_FLAGS=-Wno-conversion

OS:

Linux-4.15.0-54-generic-x86_64-with-Ubuntu-18.04-bionic

Test case:

var fs = require('fs')
fs.close.prototype.constructor(Uint32Array.BYTES_PER_ELEMENT, setTimeout.constructor)

Backtrace:

Thread 2 "iotjs" received signal SIGABRT, Aborted.
[Switching to Thread 0xf36ffb40 (LWP 19774)]
0xf7fd3939 in __kernel_vsyscall ()
(gdb) bt
#0  0xf7fd3939 in __kernel_vsyscall ()
#1  0xf7c90182 in raise () from /lib/i386-linux-gnu/libc.so.6
#2  0xf7c7a2b6 in abort () from /lib/i386-linux-gnu/libc.so.6
#3  0x082a3094 in uv__async_send (wa=0x88ce7c0 <default_loop_struct+224>) at iotjs/deps/libtuv/src/unix/async.c:201
#4  0x082a2e0c in uv_async_send (handle=0x88ce740 <default_loop_struct+96>) at iotjs/deps/libtuv/src/unix/async.c:90
#5  0x0829ba2f in worker (arg=0x0) at iotjs/deps/libtuv/src/threadpool.c:116
#6  0x0812f653 in __asan::AsanThread::ThreadStart(unsigned long long, __sanitizer::atomic_uintptr_t*) ()
#7  0x0810c248 in asan_thread_start(void*) ()
#8  0xf7e6d004 in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#9  0xf7d5ca16 in clone () from /lib/i386-linux-gnu/libc.so.6

^{Found by Fuzzinator with JsProFuzz.}