The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0607b7981ab9de1b2bbfc1de6a9ae2c2fb70786b

commit 0607b7981ab9de1b2bbfc1de6a9ae2c2fb70786b
Author: Scott Graham <scottmg@chromium.org>
Date: Thu Jun 15 00:01:26 2017

fuchsia: Fix fd watcher crash

FileDescriptorWatcherTest.WatchWritable creates a
FileDescriptorWatcher::Controller (in a unique_ptr) and then ends the
test.

At the end of the test body scope, that
FileDescriptorWatcher::Controller is destroyed. This causes a DeleteSoon
(on IO) of its member watcher_ (which is a
FileDescriptorWatcher::Controller::Watcher).

After ~Controller, the test TearDown() is run, which closes the test
pipe fds. This causes a subsequent call to __mxio_fd_to_io() to return
null, so we need to handle that. Additionally,
MessagePumpFuchsia::FileDescriptorWatcher wasn't handling the case where
the io_ member was never initialized, or initialization failed (like
here), so don't call __mxio_release() in that case.

(The class names in this code are confusing.
FileDescriptorWatcher::Controller::Watcher contains a
MessagePumpFuchsia::FileDescriptorWatcher, which points at a
MessagePumpFuchsia::Watcher. The
MessagePumpFuchsia::FileDescriptorWatcher is the thing called
"controller" that message_pump_fuchsia.cc deals with. Its lifetime is OK
because it isn't destructed until later because of the deferred
delete-on-io.)

Fixes *FileDescriptorWatcherTest.*.

Bug: 706592, 733440 
Change-Id: I47ab65bc3f1ab7743dea40181a50b9d0def19bef
Reviewed-on: https://chromium-review.googlesource.com/535936
Commit-Queue: Scott Graham <scottmg@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#479549}
[modify] https://crrev.com/0607b7981ab9de1b2bbfc1de6a9ae2c2fb70786b/base/message_loop/message_pump_fuchsia.cc