search

jerryscript-project / iotjs

Platform for Internet of Things with JavaScript http://www.iotjs.net
Other
2.6k stars 438 forks source link

Assertion `!uv__io_active(&stream->io_watcher, POLLIN | POLLOUT)' failed in uv__stream_destroy #1914

Open renatahodovan opened 5 years ago

renatahodovan commented 5 years ago
IoT.js version:
Checked revision: bc9a5da

Build command: CC=clang-7 \
tools/build.py --clean \
--buildtype=debug \
--compile-flag="-D'IOTJS_ASSERT(x)=assert(x)'" \
--compile-flag=-O2 --compile-flag=-fno-common --no-snapshot \
--compile-flag=-fsanitize=address --compile-flag=-fno-omit-frame-pointer \
--jerry-cmake-param=-DFEATURE_SYSTEM_ALLOCATOR=ON --target-arch=i686 \
--profile=test/profiles/host-linux.profile --jerry-profile=es2015-subset \
--jerry-cmake-param=-DEXTERNAL_COMPILE_FLAGS=-Wno-conversion
OS:
Linux-4.15.0-54-generic-x86_64-with-Ubuntu-18.04-bionic
Test case:
var net = require('net')
var tls = require('tls')

var v2 = setTimeout(function () { }, 0)
try { net.Server.prototype.listen(v2.after) } catch ($) { }
tls.Server.prototype.listen(0)
Backtrace:
iotjs: iotjs/deps/libtuv/src/unix/stream.c:461: void uv__stream_destroy(uv_stream_t *): Assertion `!uv__io_active(&stream->io_watcher, POLLIN | POLLOUT)' failed.

Program received signal SIGABRT, Aborted.
0xf7fd3939 in __kernel_vsyscall ()
(gdb) bt
#0  0xf7fd3939 in __kernel_vsyscall ()
#1  0xf7c90182 in raise () from /lib/i386-linux-gnu/libc.so.6
#2  0xf7c7a2b6 in abort () from /lib/i386-linux-gnu/libc.so.6
#3  0xf7c7a1c1 in ?? () from /lib/i386-linux-gnu/libc.so.6
#4  0xf7c87fd9 in __assert_fail () from /lib/i386-linux-gnu/libc.so.6
#5  0x082bf664 in uv__stream_destroy (stream=0xf4d19f00) at iotjs/deps/libtuv/src/unix/stream.c:461
#6  0x082a9c30 in uv__finish_close (handle=0xf4d19f00) at iotjs/deps/libtuv/src/unix/core.c:230
#7  0x082a577a in uv__run_closing_handles (loop=0x88ce6e0 <default_loop_struct>)
    at iotjs/deps/libtuv/src/unix/core.c:260
#8  0x082a48d9 in uv_run (loop=0x88ce6e0 <default_loop_struct>, mode=UV_RUN_ONCE)
    at iotjs/deps/libtuv/src/unix/core.c:328
#9  0x08155328 in iotjs_start (env=<optimized out>) at iotjs/src/iotjs.c:233
#10 iotjs_entry (argc=2, argv=0xffffcfa4) at iotjs/src/iotjs.c:312
#11 0xf7c7b751 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
#12 0x08080872 in _start ()

Found by Fuzzinator with JsProFuzz.