We have gotten reports of a crash under `StyleOriginatedTimelinesController:: styleableWasRemoved()`. Trimmed crash signature: 10 WTF::TypeCastTraits<WebCore::CSSAnimation const, WebCore::WebAnimation const, false>::isType(WebCore::WebAnimation const&) (WebCore) 10 WTF::TypeCastTraits<WebCore::CSSAnimation const, WebCore::WebAnimation const, false>::isOfType(WebCore::WebAnimation const&) (WebCore) 10 bool WTF::is<WebCore::CSSAnimation, WebCore::WebAnimation>(WebCore::WebAnimation const&) (WebCore) 10 std::__1::conditional<std::is_const_v<WebCore::WebAnimation>, std::__1::add_const<WebCore::CSSAnimation>::type, __remove_const(WebCore::CSSAnimation)>::type* WTF::dynamicDowncast<WebCore::CSSAnimation, WebCore::WebAnimation>(WebCore::WebAnimation&) (WebCore) ==> 10 WebCore::StyleOriginatedTimelinesController::styleableWasRemoved(WebCore::Styleable const&) (WebCore) <== 10 WebCore::Styleable::elementWasRemoved() const (WebCore) 10 WebCore::Element::removedFromAncestor(WebCore::Node::RemovalType, WebCore::ContainerNode&) (WebCore) 10 WebCore::notifyNodeRemovedFromDocument(WebCore::ContainerNode&, WebCore::TreeScopeChange, WebCore::Node&) (WebCore) 10 WebCore::notifyChildNodeRemoved(WebCore::ContainerNode&, WebCore::Node&) (WebCore) 10 WebCore::ContainerNode::removeNodeWithScriptAssertion(WebCore::Node&, WebCore::ContainerNode::ChildChange::Source) (WebCore) 10 WebCore::ContainerNode::removeChild(WebCore::Node&) (WebCore) 10 WebCore::Node::removeChild(WebCore::Node&) (WebCore) 10 WebCore::jsNodePrototypeFunction_removeChildBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSNode*)::'lambda'()::operator()() const (WebCore) 10 void WebCore::invokeFunctorPropagatingExceptionIfNecessary<WebCore::jsNodePrototypeFunction_removeChildBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSNode*)::'lambda'()>(JSC::JSGlobalObject&, JSC::ThrowScope&, WebCore::jsNodePrototypeFunction_removeChildBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSNode*)::'lambda'()&&) (WebCore) 10 WebCore::jsNodePrototypeFunction_removeChildBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSNode*) (WebCore) 10 long long WebCore::IDLOperation<WebCore::JSNode>::call<&WebCore::jsNodePrototypeFunction_removeChildBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSNode*), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) (WebCore) 10 WebCore::jsNodePrototypeFunction_removeChild(JSC::JSGlobalObject*, JSC::CallFrame*) (WebCore) 9 JSC::JSValue JSC::callMicrotask<>(JSC::JSGlobalObject*, JSC::JSValue, JSC::JSValue, JSC::JSCell*, WTF::ASCIILiteral) (JavaScriptCore) | 9 WebCore::MicrotaskQueue::runJSMicrotask(JSC::JSGlobalObject*, JSC::VM&, JSC::QueuedTask&) (WebCore) | 9 WebCore::MicrotaskQueue::performMicrotaskCheckpoint()::$_0::operator()(JSC::QueuedTask&) const (WebCore) | 9 void JSC::MicrotaskQueue::performMicrotaskCheckpoint<false, WebCore::MicrotaskQueue::performMicrotaskCheckpoint()::$_0>(JSC::VM&, WebCore::MicrotaskQueue::performMicrotaskCheckpoint()::$_0 const&) (WebCore) | 9 WebCore::MicrotaskQueue::performMicrotaskCheckpoint() (WebCore) | 9 WebCore::EventLoop::performMicrotaskCheckpoint() (WebCore) | 9 WebCore::EventLoopTaskGroup::performMicrotaskCheckpoint() (WebCore)