RESOLVED FIXED
314583
[BFCache] CachedPage::restore() leaks cached frame state when focus restoration is skipped
https://bugs.webkit.org/show_bug.cgi?id=314583
Basuke Suzuki
Reported
2026-05-11 14:41:36 PDT
CachedPage::restore() has an early-return at `if (!focusedOrMainFrame) return;` that bypasses the `clear()` call at the end of the function. The cached frame state (m_cachedMainFrame holding CachedFrames with documents/views) is never released, even though the cached page's data has already been transferred to the live page by `m_cachedMainFrame->open()`. This causes ~CachedPage to call `m_cachedMainFrame->destroy()` later. After the fix in bug 314238 (which destroys child CachedFrames before checking m_document), destroy() now descends into child CachedFrames whose documents have already been resumed by open() (state = NotInBackForwardCache). The ASSERT at CachedFrame.cpp:291, `ASSERT(document->backForwardCacheState() == Document::InBackForwardCache);`, then fires, and the subsequent destroy code path corrupts live document state (detachViewsAndDocumentLoader, detachFromPage, removeAllEventListeners), hanging the WebContent process.

The early-return path is reached when `page.focusController().focusedOrMainFrame()` returns null, which happens for iframe-process BFCache restoration where the page's main frame is a RemoteFrame and there is no LocalFrame to focus.

Fix: call `clear()` in the early-return branch to release the cached frame state, since `open()` has already done its work and the cached storage is no longer needed.
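As an added illustration that is not part of the report or of WebKit's own code: a compact C++ model of the ownership pattern the report describes. The names (CachedDoc, CachedFrame, CachedPage, open, destroy, restore, clear) echo the report, but the classes are constructed for this example; the `fixApplied` switch and `hasFocusedFrame` parameter are assumptions standing in for the real fix and for `focusedOrMainFrame()` returning null. `open()` flips each document to the resumed state; `destroy()` walks children first (as the report says bug 314238 made it do) and counts any document it meets that is no longer in the cache, marking it corrupted the way the real detach path would damage a live document.

```cpp
// Constructed model of the CachedPage::restore() early-return bug; not WebKit code.
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

struct CachedDoc {
    enum class State { InBackForwardCache, NotInBackForwardCache };
    State state = State::InBackForwardCache;
    bool corrupted = false;  // set when destroy() runs on an already-resumed document
};

struct CachedFrame {
    std::shared_ptr<CachedDoc> document;
    std::vector<std::unique_ptr<CachedFrame>> children;

    // open(): hand the cached documents back to the live page (state flips).
    void open() {
        document->state = CachedDoc::State::NotInBackForwardCache;
        for (auto& child : children) child->open();
    }

    // destroy(): only valid while every document is still InBackForwardCache.
    // Children are torn down before the frame's own document is checked, as in
    // the report. Returns how many resumed documents were hit (0 means safe).
    int destroy() {
        int violations = 0;
        for (auto& child : children) violations += child->destroy();
        if (document->state != CachedDoc::State::InBackForwardCache) {
            document->corrupted = true;  // stands in for the ASSERT firing and the detach damage
            ++violations;
        }
        return violations;
    }
};

struct CachedPage {
    std::unique_ptr<CachedFrame> m_cachedMainFrame;
    bool fixApplied;  // assumption: toggles between the buggy and the fixed restore()

    CachedPage(std::unique_ptr<CachedFrame> frame, bool fix)
        : m_cachedMainFrame(std::move(frame)), fixApplied(fix) {}

    void clear() { m_cachedMainFrame = nullptr; }

    // hasFocusedFrame models focusedOrMainFrame() being non-null.
    void restore(bool hasFocusedFrame) {
        m_cachedMainFrame->open();  // cached state is now owned by the live page
        if (!hasFocusedFrame) {
            if (fixApplied) clear();  // fixed: release before returning
            return;                   // buggy: early return skips clear() below
        }
        // ... focus restoration would happen here ...
        clear();
    }

    // Anything still cached at destruction gets destroy()ed, which is only
    // correct if open() never ran on it.
    ~CachedPage() {
        if (m_cachedMainFrame) m_cachedMainFrame->destroy();
    }
};

// Builds a main frame with one child, restores it, lets the CachedPage go out
// of scope, and returns how many documents destroy() corrupted.
int simulateRestore(bool fixApplied, bool hasFocusedFrame) {
    auto mainDoc = std::make_shared<CachedDoc>();
    auto childDoc = std::make_shared<CachedDoc>();
    {
        auto mainFrame = std::make_unique<CachedFrame>();
        mainFrame->document = mainDoc;
        auto child = std::make_unique<CachedFrame>();
        child->document = childDoc;
        mainFrame->children.push_back(std::move(child));
        CachedPage page(std::move(mainFrame), fixApplied);
        page.restore(hasFocusedFrame);
    }  // ~CachedPage runs here
    return (mainDoc->corrupted ? 1 : 0) + (childDoc->corrupted ? 1 : 0);
}

int main() {
    std::printf("buggy, no focused frame : %d corrupted docs\n", simulateRestore(false, false));
    std::printf("fixed, no focused frame : %d corrupted docs\n", simulateRestore(true, false));
    std::printf("buggy, focused frame    : %d corrupted docs\n", simulateRestore(false, true));
    return 0;
}
```

Only the combination of the early return and a null focused frame leaves cached state alive past `open()`; the fixed branch and the normal path both reach `clear()`, so the destructor finds nothing to destroy. The general lesson is that any function which transfers ownership mid-way and has multiple exits needs the release on every exit (a scope-exit guard is the usual way to make that hard to miss).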
Basuke Suzuki
Comment 1
2026-05-11 14:50:15 PDT
Tracked in rdar://176824162
Basuke Suzuki
Comment 2
2026-05-11 16:05:46 PDT
<rdar://problem/176824162>
Basuke Suzuki
Comment 3
2026-05-11 16:06:15 PDT
Pull request: https://github.com/WebKit/WebKit/pull/64708
EWS
Comment 4
2026-05-11 17:45:13 PDT
Committed 313043@main (11ea56301070): <https://commits.webkit.org/313043@main>

Reviewed commits have been landed. Closing PR #64708 and removing active labels.