Bug 289741

fast/forms/range/range-type-change-oninput.html is crashing for debug builds. History: https://results.webkit.org/?suite=layout-tests&test=fast%2Fforms%2Frange%2Frange-type-change-oninput.html&style=debug Log: https://build.webkit.org/results/Apple-Sequoia-Debug-WK1-Tests/292106@main%20(1349)/fast/forms/range/range-type-change-oninput-crash-log.txt ASSERTION FAILED: m_ptr /Volumes/Data/worker/Apple-Sequoia-Debug-Build/build/WebKitBuild/Debug/usr/local/include/wtf/Ref.h(134) : T *WTF::Ref<WTF::Thread>::ptr() const [T = WTF::Thread, _PtrTraits = WTF::RawPtrTraits<WTF::Thread>, RefDerefTraits = WTF::DefaultRefDerefTraits<WTF::Thread>] 1 0x167ad6d86 WTF::Ref<WTF::Thread, WTF::RawPtrTraits<WTF::Thread>, WTF::DefaultRefDerefTraits<WTF::Thread>>::ptr() const 2 0x167ba1261 WTF::SingleThreadIntegralWrapper<unsigned int>::assertThread() const 3 0x167ba1499 WTF::SingleThreadIntegralWrapper<unsigned int>::operator--() 4 0x167ba1424 WTF::CanMakeCheckedPtrBase<WTF::SingleThreadIntegralWrapper<unsigned int>, unsigned int, (WTF::DefaultedOperatorEqual)0>::decrementCheckedPtrCount() const 5 0x16b9203bf WTF::CheckedPtr<WebCore::RenderBox, WTF::RawPtrTraits<WebCore::RenderBox>>::derefIfNotNull() 6 0x16b920375 WTF::CheckedPtr<WebCore::RenderBox, WTF::RawPtrTraits<WebCore::RenderBox>>::~CheckedPtr() 7 0x16b8de475 WTF::CheckedPtr<WebCore::RenderBox, WTF::RawPtrTraits<WebCore::RenderBox>>::~CheckedPtr() 8 0x16cffd163 WebCore::SliderThumbElement::setPositionFromPoint(WebCore::LayoutPoint const&) 9 0x16cffc7ce WebCore::SliderThumbElement::dragFrom(WebCore::LayoutPoint const&) 10 0x16ce2dd67 WebCore::RangeInputType::handleMouseDownEvent(WebCore::MouseEvent&) 11 0x16cc934b9 WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event&) 12 0x16c7da8fb WebCore::callDefaultEventHandlersInBubblingOrder(WebCore::Event&, WebCore::EventPath const&) 13 0x16c7d9f26 WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) 14 0x16c88db3d WebCore::Node::dispatchEvent(WebCore::Event&) 15 0x16c76c094 WebCore::Element::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WTF::AtomString const&, int, WebCore::Element*, WebCore::IsSyntheticClick) 16 0x16d7662a1 WebCore::EventHandler::dispatchMouseEvent(WTF::AtomString const&, WebCore::Node*, int, WebCore::PlatformMouseEvent const&, WebCore::EventHandler::FireMouseOverOut) 17 0x16d76596f WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) 18 0x169b90be1 WebCore::EventHandler::mouseDown(NSEvent*, NSEvent*) 19 0x1108a0ae8 -[WebHTMLView mouseDown:] 20 0x10921f437 -[EventSendingController mouseDown:withModifiers:] 21 0x7ff808c7b79c __invoking___ 22 0x7ff808c7b655 -[NSInvocation invoke] 23 0x1681c3c43 JSC::Bindings::ObjcInstance::invokeObjcMethod(JSC::JSGlobalObject*, JSC::CallFrame*, JSC::Bindings::ObjcMethod*) 24 0x1681c321f JSC::Bindings::ObjcInstance::invokeMethod(JSC::JSGlobalObject*, JSC::CallFrame*, JSC::RuntimeMethod*) 25 0x16bb8f7b7 JSC::callRuntimeMethod(JSC::JSGlobalObject*, JSC::CallFrame*) 26 0x188e48207 25 ??? 0x0000000188e48207 0x0 + 6591644167 27 0x11fd9c11b jsc_llint_commonCallOp__llintOpWithMetadata__llintOpWithReturn__llintOp__commonOp__fn__fn__makeReturn__fn__fn__fn__934_callHelper__dispatch_LowLevelInterpreter64_asm_2535 28 0x11fd9acdf jsc_llint_commonCallOp__llintOpWithMetadata__llintOpWithReturn__llintOp__commonOp__fn__fn__makeReturn__fn__fn__fn__916_callHelper__dispatch_LowLevelInterpreter64_asm_2535 29 0x11fd72dba llint_call_javascript 30 0x11eb93a97 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*) 31 0x11eee91eb JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)