Found while fuzzing m-c 20220818-6502583dede7 (--enable-debug --enable-fuzzing)

The test case seems to only trigger the issue when the browser is run with --headless.

To reproduce via Grizzly Replay:

$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html --headless

Hit MOZ_CRASH(assertion failed: bytes.len() >= finish as usize) at gfx/wr/webrender/src/texture_cache.rs:1593

#0 0x7fff59096f77 in AnnotateMozCrashReason /builds/worker/workspace/obj-build/dist/include/mozilla/Assertions.h:40
#1 0x7fff59096f77 in MOZ_Crash /builds/worker/workspace/obj-build/dist/include/mozilla/Assertions.h:261
#2 0x7fff59096f77 in RustMozCrash /builds/worker/checkouts/gecko/mozglue/static/rust/wrappers.cpp:17
#3 0x7fff57461bc0 in mozglue_static::panic_hook /builds/worker/checkouts/gecko/mozglue/static/rust/lib.rs:91
#4 0x7fff57461b01 in core::ops::function::FnOnce::call_once /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f\library\core\src\ops\function.rs:248
#5 0x7fff57461b01 in core::ops::function::FnOnce::call_once<void (*)(ref$<core::panic::panic_info::PanicInfo>),tuple$<ref$<core::panic::panic_info::PanicInfo> > > /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f\library\core\src\ops\function.rs:164
#6 0x7fff576cdad3 in std::panicking::rust_panic_with_hook /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library\std\src\panicking.rs:702
#7 0x7fff576cd7b9 in std::panicking::begin_panic_handler::closure$0 /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library\std\src\panicking.rs:586
#8 0x7fff576cd748 in std::sys_common::backtrace::__rust_end_short_backtrace<std::panicking::begin_panic_handler::closure_env$0,never$> /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library\std\src\sys_common\backtrace.rs:138
#9 0x7fff576cd703 in std::panicking::begin_panic_handler /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library\std\src\panicking.rs:584
#10 0x7fff597688d4 in core::panicking::panic_fmt /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library\core\src\panicking.rs:142
#11 0x7fff597689cb in core::panicking::panic /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library\core\src\panicking.rs:48
#12 0x7fff57a221fa in webrender::internal_types::TextureCacheUpdate::new_update /builds/worker/checkouts/gecko/gfx/wr/webrender/src/texture_cache.rs:1593
#13 0x7fff57a221fa in webrender::texture_cache::TextureCache::update /builds/worker/checkouts/gecko/gfx/wr/webrender/src/texture_cache.rs:940
#14 0x7fff57b44cce in webrender::resource_cache::ResourceCache::update_texture_cache /builds/worker/checkouts/gecko/gfx/wr/webrender/src/resource_cache.rs:1317
#15 0x7fff57b44cce in webrender::resource_cache::ResourceCache::block_until_all_resources_added /builds/worker/checkouts/gecko/gfx/wr/webrender/src/resource_cache.rs:1290
#16 0x7fff57b44cce in webrender::frame_builder::FrameBuilder::build_layer_screen_rects_and_cull_layers /builds/worker/checkouts/gecko/gfx/wr/webrender/src/frame_builder.rs:452
#17 0x7fff57b44cce in webrender::frame_builder::FrameBuilder::build /builds/worker/checkouts/gecko/gfx/wr/webrender/src/frame_builder.rs:510
#18 0x7fff57ab9707 in webrender::render_backend::Document::build_frame /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:515
#19 0x7fff57a9e01f in webrender::render_backend::RenderBackend::update_document /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:1416
#20 0x7fff57a9468c in webrender::render_backend::RenderBackend::prepare_transactions /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:1273
#21 0x7fff57a9468c in webrender::render_backend::RenderBackend::process_api_msg /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:1113
#22 0x7fff57a8c3cb in webrender::render_backend::RenderBackend::run /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:770
#23 0x7fff57a8c3cb in webrender::renderer::init::create_webrender_instance::closure$5 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/renderer/init.rs:644
#24 0x7fff57a8c3cb in std::sys_common::backtrace::__rust_begin_short_backtrace<webrender::renderer::init::create_webrender_instance::closure_env$5,tuple$<> > /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f\library\std\src\sys_common\backtrace.rs:122
#25 0x7fff57a8a251 in std::thread::impl$0::spawn_unchecked_::closure$1::closure$0 /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f\library\std\src\thread\mod.rs:505
#26 0x7fff57a8a251 in core::panic::unwind_safe::impl$23::call_once /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f\library\core\src\panic\unwind_safe.rs:271
#27 0x7fff57a8a251 in std::panicking::try::do_call /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f\library\std\src\panicking.rs:492
#28 0x7fff57a8a251 in std::panicking::try /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f\library\std\src\panicking.rs:456
#29 0x7fff57a8a251 in std::panic::catch_unwind /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f\library\std\src\panic.rs:137
#30 0x7fff57a8a251 in std::thread::impl$0::spawn_unchecked_::closure$1 /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f\library\std\src\thread\mod.rs:511
#31 0x7fff57a8a251 in core::ops::function::FnOnce::call_once<std::thread::impl$0::spawn_unchecked_::closure_env$1<webrender::renderer::init::create_webrender_instance::closure_env$5,tuple$<> >,tuple$<> > /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f\library\core\src\ops\function.rs:248
#32 0x7fff576ca091 in alloc::boxed::impl$44::call_once /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library\alloc\src\boxed.rs:1951
#33 0x7fff576ca091 in alloc::boxed::impl$44::call_once /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library\alloc\src\boxed.rs:1951
#34 0x7fff576ca091 in std::sys::windows::thread::impl$0::new::thread_start /rustc/4b91a6ea7258a947e59c6522cd5898e7c0a6a88f/library\std\src\sys\windows\thread.rs:56
#35 0x7fff6f6d9dc3 in __asan::AsanThread::ThreadStart(unsigned __int64) /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_thread.cpp:277
#36 0x7fff819a84d3  (C:\Windows\System32\KERNEL32.DLL+0x1800084d3)
#37 0x7fff7638c03c in mozilla::interceptor::FuncHook<mozilla::interceptor::WindowsDllInterceptor<mozilla::interceptor::VMSharingPolicyShared>,void (*)(int, void *, void *)>::operator() /builds/worker/checkouts/gecko/toolkit/xre/dllservices/mozglue/nsWindowsDllInterceptor.h:150
#38 0x7fff7638c03c in patched_BaseThreadInitThunk /builds/worker/checkouts/gecko/toolkit/xre/dllservices/mozglue/WindowsDllBlocklist.cpp:577
#39 0x7fff81cf1790  (C:\Windows\SYSTEM32\ntdll.dll+0x180051790)

This is a more reliable test case.

A Pernosco session is available here: https://pernos.co/debug/nU11KwVq_2v7r2ZBOtzISw/index.html

scroll down and up: bp-f586781c-44bf-4244-8b46-6450b0230106

Unable to reproduce bug 1786447 using build mozilla-central 20220818232425-6502583dede7. Without a baseline, bugmon is unable to analyze this bug.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.