First found by fuzzers running m-c 20210313-6264f13d54a1

Hit MOZ_CRASH(assertion failed: stride.width > 0.0) at gfx/wr/webrender/src/image_tiling.rs:96

#0 0x7fe8a95cd7b5 in MOZ_Crash /builds/worker/workspace/obj-build/dist/include/mozilla/Assertions.h:254:3
#1 0x7fe8a95cd7b5 in RustMozCrash src/mozglue/static/rust/wrappers.cpp:17:3
#2 0x7fe8a95cd764 in mozglue_static::panic_hook::h52aa0e5c41eb49de src/mozglue/static/rust/lib.rs:89:9
#3 0x7fe8a95cd13b in core::ops::function::Fn::call::h45fce903fef90bf4 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:70:5
#4 0x7fe8aa5dbf05 in std::panicking::rust_panic_with_hook::hb27ea14285131c61 /rustc/cb75ad5db02783e8b0222fee363c5f63f7e2cf5b/library/std/src/panicking.rs:595:17
#5 0x7fe8aa5db9f6 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::hc552fcee62aad17f /rustc/cb75ad5db02783e8b0222fee363c5f63f7e2cf5b/library/std/src/panicking.rs:495:13
#6 0x7fe8aa5d7e4b in std::sys_common::backtrace::__rust_end_short_backtrace::hb9f0aa9a78e885a0 /rustc/cb75ad5db02783e8b0222fee363c5f63f7e2cf5b/library/std/src/sys_common/backtrace.rs:141:18
#7 0x7fe8aa5db988 in rust_begin_unwind /rustc/cb75ad5db02783e8b0222fee363c5f63f7e2cf5b/library/std/src/panicking.rs:493:5
#8 0x7fe8aa645150 in core::panicking::panic_fmt::h12ac4570ea43d06f /rustc/cb75ad5db02783e8b0222fee363c5f63f7e2cf5b/library/core/src/panicking.rs:92:14
#9 0x7fe8aa64509c in core::panicking::panic::h72bd72f6f4a70105 /rustc/cb75ad5db02783e8b0222fee363c5f63f7e2cf5b/library/core/src/panicking.rs:50:5
#10 0x7fe8a8ecc296 in webrender::image_tiling::repetitions::hc7325ea7b191d710 src/gfx/wr/webrender/src/image_tiling.rs:96:5
#11 0x7fe8a8cdfe57 in webrender::clip::ClipNodeInfo::create_instance::h18fb626451891e48 src/gfx/wr/webrender/src/clip.rs:633:39
#12 0x7fe8a8cdfe57 in webrender::clip::ClipStore::build_clip_chain_instance::h932291356811c4cd src/gfx/wr/webrender/src/clip.rs:1248:45
#13 0x7fe8a8ec8ad0 in webrender::visibility::update_primitive_visibility::hafa692f8d3923786 src/gfx/wr/webrender/src/visibility.rs:432:34
#14 0x7fe8a8ec80d9 in webrender::visibility::update_primitive_visibility::hafa692f8d3923786 src/gfx/wr/webrender/src/visibility.rs:334:44
#15 0x7fe8a8ec8197 in webrender::visibility::update_primitive_visibility::hafa692f8d3923786 src/gfx/wr/webrender/src/visibility.rs:334:44
#16 0x7fe8a8ec80d9 in webrender::visibility::update_primitive_visibility::hafa692f8d3923786 src/gfx/wr/webrender/src/visibility.rs:334:44
#17 0x7fe8a8d28e9d in webrender::frame_builder::FrameBuilder::build_layer_screen_rects_and_cull_layers::h9739908b3f5f4a4b src/gfx/wr/webrender/src/frame_builder.rs:415:17
#18 0x7fe8a8d28e9d in webrender::frame_builder::FrameBuilder::build::hb853d5d552c004e6 src/gfx/wr/webrender/src/frame_builder.rs:570:9
#19 0x7fe8a8dade5e in webrender::render_backend::Document::build_frame::hb192f8cd04b106dc src/gfx/wr/webrender/src/render_backend.rs:622:25
#20 0x7fe8a8dbed8b in webrender::render_backend::RenderBackend::update_document::hf7e03b45e9a8abd0 src/gfx/wr/webrender/src/render_backend.rs:1508:41
#21 0x7fe8a8db5136 in webrender::render_backend::RenderBackend::prepare_transactions::ha26fd2e9dc95497b src/gfx/wr/webrender/src/render_backend.rs:1362:28
#22 0x7fe8a8db5136 in webrender::render_backend::RenderBackend::process_api_msg::hfb9dd3f88f7a5aef src/gfx/wr/webrender/src/render_backend.rs:1218:17
#23 0x7fe8a8bb0a7d in webrender::render_backend::RenderBackend::run::h4b94e052d9779308 src/gfx/wr/webrender/src/render_backend.rs:894:21
#24 0x7fe8a8bb0a7d in webrender::renderer::Renderer::new::_$u7b$$u7b$closure$u7d$$u7d$::h7accc81b5aaee9af src/gfx/wr/webrender/src/renderer/mod.rs:1269:13
#25 0x7fe8a8bb0a7d in std::sys_common::backtrace::__rust_begin_short_backtrace::h288b973f553da2a7 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/sys_common/backtrace.rs:125:18
#26 0x7fe8a8bd20d9 in std::thread::Builder::spawn_unchecked::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::h84dc809fc8a4f51c /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/thread/mod.rs:474:17
#27 0x7fe8a8bd20d9 in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::hb5273e5784aea5b8 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:322:9
#28 0x7fe8a8bd20d9 in std::panicking::try::do_call::ha61ad24f198726f3 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:379:40
#29 0x7fe8a8bd20d9 in std::panicking::try::h1c534d29d333653e /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:343:19
#30 0x7fe8a8bd20d9 in std::panic::catch_unwind::h830cebdcd520dcfc /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:396:14
#31 0x7fe8a8bd20d9 in std::thread::Builder::spawn_unchecked::_$u7b$$u7b$closure$u7d$$u7d$::he3b76c52d583a219 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/thread/mod.rs:473:30
#32 0x7fe8a8bd20d9 in core::ops::function::FnOnce::call_once$u7b$$u7b$vtable.shim$u7d$$u7d$::h87e739e95bb5cffc /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:227:5
#33 0x7fe8aa5ec319 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::h9ed215ba67984d70 /rustc/cb75ad5db02783e8b0222fee363c5f63f7e2cf5b/library/alloc/src/boxed.rs:1328:9
#34 0x7fe8aa5ec319 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::hcece06e1fe04906f /rustc/cb75ad5db02783e8b0222fee363c5f63f7e2cf5b/library/alloc/src/boxed.rs:1328:9
#35 0x7fe8aa5ec319 in std::sys::unix::thread::Thread::new::thread_start::h6e82a4b7be15319a /rustc/cb75ad5db02783e8b0222fee363c5f63f7e2cf5b/library/std/src/sys/unix/thread.rs:71:17
#36 0x7fe8b6543608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477:8
#37 0x7fe8b610c292 in clone /build/glibc-eX1tMB/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

A Pernosco session is available here: https://pernos.co/debug/l4iQI_cy7NYzLdCaq0JWag/index.html

Bugmon Analysis:
Unable to reproduce bug using the following builds:

mozilla-central 20210316214855-0d51fdccaa96
mozilla-central 20210313094300-6264f13d54a1
Removing bugmon keyword as no further action possible.
Please review the bug and re-add the keyword for further analysis.

It looks like in ClipNodeInfo::create_instance() rect.size.width is zero, and that's passed as the stride in repetitions(). In bug 1648323 we worked around a crash by relying on repetitions() to return an empty iterator when the clip rect doesn't intersect with the rect. Perhaps we should move the assertions in repetitions() until after we check for an intersection, but maybe that's a bit icky. Should we instead handle the empty rect earlier on? Nical, what do you think?

(In reply to Jamie Nicol [:jnicol] from comment #3)

Perhaps we should move the assertions in repetitions() until after we check for an intersection

Sounds good to me.

We can gracefully handle null stride when there's no visible rect since it should always result in an empty iterator.

https://hg.mozilla.org/mozilla-central/rev/bb62a924a4ed
https://hg.mozilla.org/mozilla-central/rev/a9fbe11857ba

:nical, since this bug contains a bisection range, could you fill (if possible) the regressed_by field?
For more information, please visit auto_nag documentation.

Sorry, wrong needinfo because of a bug in the bot.