Crash under ~RenderMenuList due to CheckedPtr usage: ``` Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 WebCore 0x1102c25d0 WTFCrashWithInfo(int, char const*, char const*, int) + 20 1 WebCore 0x11014882c WebCore::RenderLayerModelObject::~RenderLayerModelObject() + 604 2 WebCore 0x110280864 WebCore::RenderMenuList::~RenderMenuList() + 16 3 WebCore 0x1127bed30 WebCore::RenderTreeBuilder::destroy(WebCore::RenderObject&, WebCore::RenderTreeBuilder::CanCollapseAnonymousBlock) + 964 4 WebCore 0x1127c9c1c WebCore::RenderTreeBuilder::destroyAndCleanUpAnonymousWrappers(WebCore::RenderObject&) + 344 5 WebCore 0x1127d7bc8 WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&, WebCore::RenderTreeUpdater::TeardownType, WebCore::RenderTreeBuilder&) + 1460 6 WebCore 0x1127d8de8 WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&) + 84 7 WebCore 0x11198a924 WebCore::ContainerNode::removeBetween(WebCore::Node*, WebCore::Node*, WebCore::Node&) + 312 8 WebCore 0x111986530 WebCore::ContainerNode::removeChild(WebCore::Node&) + 552 9 WebCore 0x110bae9b0 WebCore::jsNodePrototypeFunction_removeChild(JSC::JSGlobalObject*, JSC::CallFrame*) + 504 ```
<rdar://119790256>
Pull request: https://github.com/WebKit/WebKit/pull/24372
Committed 274586@main (35318b4d5407): <https://commits.webkit.org/274586@main> Reviewed commits have been landed. Closing PR #24372 and removing active labels.