Testcase found while fuzzing mozilla-central rev 2eda0885cbad (built with: --enable-debug --enable-fuzzing).

Testcase can be reproduced using the following commands:

$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch --build 2eda0885cbad --debug --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html

Hit MOZ_CRASH(assertion failed: task_size.height <= MAX_SURFACE_SIZE as i32) at gfx/wr/webrender/src/picture.rs:6770

    ==4123877==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7ff42e9f53b5 bp 0x7ff300ff30c0 sp 0x7ff300ff30b0 T4124029)
    ==4123877==The signal is caused by a WRITE memory access.
    ==4123877==Hint: address points to the zero page.
        #0 0x7ff42e9f53b5 in MOZ_Crash /builds/worker/workspace/obj-build/dist/include/mozilla/Assertions.h:261:3
        #1 0x7ff42e9f53b5 in RustMozCrash /mozglue/static/rust/wrappers.cpp:18:3
        #2 0x7ff42e9f5337 in mozglue_static::panic_hook::h0b0af6c1e77fcfac /mozglue/static/rust/lib.rs:91:9
        #3 0x7ff42e9f4fab in core::ops::function::Fn::call::h9cd0c45aa2018eca /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/core/src/ops/function.rs:70:5
        #4 0x7ff42f2fdd68 in std::panicking::rust_panic_with_hook::he6f55c3e7ed1777c /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panicking.rs:610:17
        #5 0x7ff42f2fd7e1 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h4b51effcc76f0c14 /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panicking.rs:500:13
        #6 0x7ff42f2fa5a3 in std::sys_common::backtrace::__rust_end_short_backtrace::haae2fe666128308b /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/sys_common/backtrace.rs:139:18
        #7 0x7ff42f2fd778 in rust_begin_unwind /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panicking.rs:498:5
        #8 0x7ff4255f52b0 in core::panicking::panic_fmt::h6434c641853e4979 /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/core/src/panicking.rs:107:14
        #9 0x7ff4255f51fc in core::panicking::panic::h2087754074d8b02f /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/core/src/panicking.rs:48:5
        #10 0x7ff42e5409ff in webrender::picture::get_surface_rects::hcb1ad9977fe94983 /gfx/wr/webrender/src/picture.rs:6770:5
        #11 0x7ff42e5409ff in webrender::picture::PicturePrimitive::take_context::h3ca086daeb8370b5 /gfx/wr/webrender/src/picture.rs:4906:43
        #12 0x7ff42e54c845 in webrender::prepare::prepare_prim_for_render::h1f7784362908608f /gfx/wr/webrender/src/prepare.rs:159:15
        #13 0x7ff42e54c845 in webrender::prepare::prepare_primitives::h5089bd0d7e144102 /gfx/wr/webrender/src/prepare.rs:108:16
        #14 0x7ff42e514305 in webrender::frame_builder::FrameBuilder::build_layer_screen_rects_and_cull_layers::h9e653dd5851c8e2e /gfx/wr/webrender/src/frame_builder.rs:502:17
        #15 0x7ff42e514305 in webrender::frame_builder::FrameBuilder::build::h52b17240b511e874 /gfx/wr/webrender/src/frame_builder.rs:593:9
        #16 0x7ff42e5659b3 in webrender::render_backend::Document::build_frame::h71f6dd012a750079 /gfx/wr/webrender/src/render_backend.rs:493:25
        #17 0x7ff42e575795 in webrender::render_backend::RenderBackend::update_document::h3f89dfc1476f562c /gfx/wr/webrender/src/render_backend.rs:1387:41
        #18 0x7ff42e56eebe in webrender::render_backend::RenderBackend::prepare_transactions::h4ec238b6b790759b /gfx/wr/webrender/src/render_backend.rs:1236:28
        #19 0x7ff42e56eebe in webrender::render_backend::RenderBackend::process_api_msg::h250a019fc7aecf9f /gfx/wr/webrender/src/render_backend.rs:1088:17
        #20 0x7ff42e44772b in webrender::render_backend::RenderBackend::run::h5d6d6d15b6db509b /gfx/wr/webrender/src/render_backend.rs:758:21
        #21 0x7ff42e44772b in webrender::renderer::Renderer::new::_$u7b$$u7b$closure$u7d$$u7d$::h7dfe64c144216fc1 /gfx/wr/webrender/src/renderer/mod.rs:1328:13
        #22 0x7ff42e44772b in std::sys_common::backtrace::__rust_begin_short_backtrace::hae15043800f3b0af /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/sys_common/backtrace.rs:123:18
        #23 0x7ff42e45d94f in std::thread::Builder::spawn_unchecked::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::hb0ff3518bac194ad /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/thread/mod.rs:484:17
        #24 0x7ff42e45d94f in _$LT$core..panic..unwind_safe..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::hbc74b33926035d76 /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/core/src/panic/unwind_safe.rs:271:9
        #25 0x7ff42e45d94f in std::panicking::try::do_call::hb79bbaa04e0cc362 /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panicking.rs:406:40
        #26 0x7ff42e45d94f in std::panicking::try::hb522150a71ac6119 /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panicking.rs:370:19
        #27 0x7ff42e45d94f in std::panic::catch_unwind::hd556f71c5c71f9d6 /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panic.rs:133:14
        #28 0x7ff42e45d94f in std::thread::Builder::spawn_unchecked::_$u7b$$u7b$closure$u7d$$u7d$::hdad13d08571bd848 /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/thread/mod.rs:483:30
        #29 0x7ff42e45d94f in core::ops::function::FnOnce::call_once$u7b$$u7b$vtable.shim$u7d$$u7d$::h8601619e3fdb20fe /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/core/src/ops/function.rs:227:5
        #30 0x7ff42f308e92 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::h3604301cdaaa9dbf /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/alloc/src/boxed.rs:1694:9
        #31 0x7ff42f308e92 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::h4cf736d2de892eff /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/alloc/src/boxed.rs:1694:9
        #32 0x7ff42f308e92 in std::sys::unix::thread::Thread::new::thread_start::h71a82d4ee5b02c9b /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/sys/unix/thread.rs:106:17
        #33 0x7ff43bd9a608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477:8
        #34 0x7ff43b962292 in __clone /build/glibc-eX1tMB/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
    
    UndefinedBehaviorSanitizer can not provide additional info.
    SUMMARY: UndefinedBehaviorSanitizer: SEGV /builds/worker/workspace/obj-build/dist/include/mozilla/Assertions.h:261:3 in MOZ_Crash
    ==4123877==ABORTING

Bugmon Analysis
Verified bug as reproducible on mozilla-central 20220224093648-2eda0885cbad.
The bug appears to have been introduced in the following build range:

Start: 536fddf7da0517b43fcb92b27293bcf3ba06d889 (20220223192951)
End: 1d528cfc52d6f98ebf500304c24fc8856c36c161 (20220223221050)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=536fddf7da0517b43fcb92b27293bcf3ba06d889&tochange=1d528cfc52d6f98ebf500304c24fc8856c36c161

Set release status flags based on info from the regressing bug 1749380

Fixes a typo introduced when rebasing the original patch

https://hg.mozilla.org/mozilla-central/rev/9f3cb0197f1f

Bugmon Analysis
Unable to reproduce bug 1757002 using build mozilla-central 20220224093648-2eda0885cbad. Without a baseline, bugmon is unable to analyze this bug.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.