According to the flakiness dashboard, http://test-results.appspot.com/dashboards/flakiness_dashboard.html#showExpectations=true&tests=svg%2Fcustom%2Fcrash-textPath-attributes.html svg/custom/crash-textPath-attributes.html started hitting an assertion on Chromium Windows and Linux between r91283 and r91286. Suspicious changesets are http://trac.webkit.org/changeset/91285/ and http://trac.webkit.org/changeset/91286/.
Here's stack trace on Chromium Windows: WebCore::makeCounterNode [0x01021F67+807] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\rendercounter.cpp:443) WebCore::RenderCounter::originalText [0x0102195D+189] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\rendercounter.cpp:493) WebCore::RenderCounter::computePreferredLogicalWidths [0x01022FBE+46] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\rendercounter.cpp:516) WebCore::dirtyLineBoxesForRenderer [0x00FE714F+143] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblocklinelayout.cpp:236) WebCore::RenderBlock::layoutInlineChildren [0x00FE6C59+937] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblocklinelayout.cpp:1213) WebCore::RenderBlock::layoutBlock [0x00FAB2D8+1080] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1262) WebCore::RenderBlock::layout [0x00FAAE4E+62] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1159) WebCore::RenderBlock::layoutBlockChild [0x00FAECAD+637] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:2002) WebCore::RenderBlock::layoutBlockChildren [0x00FAE97F+815] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1941) WebCore::RenderBlock::layoutBlock [0x00FAB2EE+1102] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1266) WebCore::RenderBlock::layout [0x00FAAE4E+62] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1159) WebCore::RenderBlock::layoutBlockChild [0x00FAECAD+637] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:2002) WebCore::RenderBlock::layoutBlockChildren [0x00FAE97F+815] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1941) WebCore::RenderBlock::layoutBlock [0x00FAB2EE+1102] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1266) WebCore::RenderBlock::layout [0x00FAAE4E+62] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1159) WebCore::RenderBlock::layoutBlockChild [0x00FAECAD+637] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:2002) WebCore::RenderBlock::layoutBlockChildren [0x00FAE97F+815] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1941) WebCore::RenderBlock::layoutBlock [0x00FAB2EE+1102] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1266) WebCore::RenderBlock::layout [0x00FAAE4E+62] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderblock.cpp:1159) WebCore::RenderView::layout [0x00F28006+502] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\rendering\renderview.cpp:132) WebCore::FrameView::layout [0x0112D0BB+2347] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\page\frameview.cpp:1014) WebCore::Document::updateLayout [0x017A6D41+209] (e:\b\build\slave\webkit_win__dbg__2_\build\src\third_party\webkit\source\webcore\dom\document.cpp:1615) WebCore::Document::updateLayoutIgnorePendingStylesheets [0x017A6E02+178]
Actually, this assertion is hit on Chromium Mac as well.
(In reply to comment #2) > Actually, this assertion is hit on Chromium Mac as well. I am taking a look at it. Changelist 91286 is CSS_REGIONS specific and i doubt it may cause such an assertion.
(In reply to comment #3) > I am taking a look at it. Changelist 91286 is CSS_REGIONS specific and i doubt it may cause such an assertion. So maybe http://trac.webkit.org/changeset/91285/ ? There's also http://trac.webkit.org/changeset/91283/ but I highly doubt that this change can cause a crash. +smfr, +macpherson just in case.
I doubt it's 91283. I submitted 91336 recently which could be related, but it's outside the range you're looking at.
The assertion is caused by http://trac.webkit.org/changeset/91285. Have to look more at it.
r91285 was rolled out in http://trac.webkit.org/changeset/91349.