Thank you for the report! Could you please attach some crash logs that correspond to the occurrence of the crash? They should be in ~/Library/Logs/DiagnosticReports, or also accessible via Console.app.

Created attachment 474272 [details] Crash Log I have attached a crash log. There were multiple crash logs in a short timeframe, and I believe they are all the same event.

Thank you! Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x11a96c268 WebCore::Navigation::initializeForNewWindow(std::__1::optional<WebCore::NavigationNavigationType>, WebCore::LocalDOMWindow*) 1 com.apple.WebCore 0x11a7ae0a8 WebCore::FrameLoader::didBeginDocument(bool, WebCore::LocalDOMWindow*) 2 com.apple.WebCore 0x11a785eec WebCore::DocumentWriter::begin(WTF::URL const&, bool, WebCore::Document*, std::__1::optional<WebCore::ProcessQualified<WTF::UUID>>, WebCore::NavigationAction const*) 3 com.apple.WebCore 0x11a77e8dc WebCore::DocumentLoader::commitData(WebCore::SharedBuffer const&) 4 com.apple.WebKit 0x1062dcab4 WebKit::WebLocalFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, WebCore::SharedBuffer const&) + 80 /Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp:1146 5 com.apple.WebCore 0x11a785870 WebCore::DocumentLoader::commitLoad(WebCore::SharedBuffer const&) 6 com.apple.WebCore 0x11a85ade8 WebCore::CachedRawResource::notifyClientsDataWasReceived(WebCore::SharedBuffer const&) 7 com.apple.WebCore 0x11a85a9c0 WebCore::CachedRawResource::updateBuffer(WebCore::FragmentedSharedBuffer const&) 8 com.apple.WebCore 0x11a824d3c WebCore::SubresourceLoader::didReceiveBuffer(WebCore::FragmentedSharedBuffer const&, long long, WebCore::DataPayloadType) ...

<rdar://problem/145088211>

I can reproduce on https://opencourses.desire2learn.com/

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BREAKPOINT (code=1, subcode=0x3025f616c) frame #0: 0x00000003025f616c WebCore`std::__1::optional<unsigned long>::operator*[abi:sn190102]() & [inlined] __clang_trap_msg$libc++$/Volumes/XCode/Xcode_E.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX15.4.Internal.sdk/usr/include/c++/v1/optional:805: assertion this->has_value() failed: optional operator* called on a disengaged value at optional:0 801 return this->__get(); 802 } 803 -> 804 _LIBCPP_HIDE_FROM_ABI constexpr value_type& operator*() & noexcept { 805 _LIBCPP_ASSERT_VALID_ELEMENT_ACCESS(this->has_value(), "optional operator* called on a disengaged value"); 806 return this->__get(); 807 } Note: this address is compiler-generated code in function __clang_trap_msg$libc++$/Volumes/XCode/Xcode_E.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX15.4.Internal.sdk/usr/include/c++/v1/optional:805: assertion this->has_value() failed: optional operator* called on a disengaged value that has no source code associated with it. Target 0: (com.apple.WebKit.WebContent.Development) stopped. (lldb) bt * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BREAKPOINT (code=1, subcode=0x3025f616c) * frame #0: 0x00000003025f616c WebCore`std::__1::optional<unsigned long>::operator*[abi:sn190102]() & [inlined] __clang_trap_msg$libc++$/Volumes/XCode/Xcode_E.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX15.4.Internal.sdk/usr/include/c++/v1/optional:805: assertion this->has_value() failed: optional operator* called on a disengaged value at optional:0 frame #1: 0x00000003025f616c WebCore`std::__1::optional<unsigned long>::operator*[abi:sn190102](this= Has Value=false ) & at optional:805:5 frame #2: 0x0000000306032d20 WebCore`WebCore::Navigation::initializeForNewWindow(this=0x000000035e3d18c0, navigationType= Has Value=false , previousWindow=0x0000000165e8f400) at Navigation.cpp:151:48 frame #3: 0x0000000305c70bd8 WebCore`WebCore::FrameLoader::didBeginDocument(this=0x000000035c057180, dispatch=false, previousWindow=0x0000000165e8f400) at FrameLoader.cpp:860:55 frame #4: 0x0000000305c04f24 WebCore`WebCore::DocumentWriter::begin(this=0x0000000164c3e0e8, urlReference=0x000000016eea4e70, dispatch=false, ownerDocument=0x0000000000000000, documentIdentifier= Has Value=true , triggeringAction=0x0000000164c3e6e0) at DocumentWriter.cpp:252:18

It's crashing here more precisely trying to de-reference: https://searchfox.org/wubkat/rev/ebd79f4fcd6b9524e919045c91553108bcc227cb/Source/WebCore/page/Navigation.cpp#151

This is a possible fix, not sure if it's the right one: ``` diff --git a/Source/WebCore/page/Navigation.cpp b/Source/WebCore/page/Navigation.cpp index 16de48a2e135..39060613c0f3 100644 --- a/Source/WebCore/page/Navigation.cpp +++ b/Source/WebCore/page/Navigation.cpp @@ -124,6 +124,8 @@ void Navigation::initializeForNewWindow(std::optional<NavigationNavigationType> if (previousWindow && !frame()->isMainFrame()) { Ref previousNavigation = previousWindow->protectedNavigation(); bool shouldProcessPreviousNavigationEntries = [&]() { + if (!previousNavigation->m_currentEntryIndex) + return false; if (!previousNavigation->m_entries.size()) return false; if (!frame()->document()->protectedSecurityOrigin()->isSameOriginAs(previousWindow->document()->protectedSecurityOrigin())) ```

`previousNavigation->m_currentEntryIndex` is the `std::optional<...>` that is getting unwrapped.

Pull request: https://github.com/WebKit/WebKit/pull/41797

Pull request: https://github.com/WebKit/WebKit/pull/49141

Committed 298480@main (0b66d56fa5dc): <https://commits.webkit.org/298480@main> Reviewed commits have been landed. Closing PR #49141 and removing active labels.

Thank you for the report, should be fixed now!