Version: 56.0.2888.0 (with DCHECKs enabled)
What steps will reproduce the problem?
(1) Visit https://badssl.com and run the following JavaScript in DevTools:
// Reproduction snippet: statement order matters, so keep it exactly as written.
// Create an iframe element that is not yet attached to the document.
var i = document.createElement("iframe");
// First target URL, assigned before the frame is attached.
i.src = "https://mixed.badssl.com";
// Attach the frame to the current page's body.
document.body.appendChild(i);
// Repoint the same frame at a second URL. Step (2) then uses "Back" on this
// frame, presumably to return it to the first URL.
i.src = "https://example.com";
(2) Right-click on the inserted frame and click "Back".
What is the expected output?
Renderer doesn't crash.
What do you see instead?
Renderer dies with the following stacktrace:
[1:1:1012/102729:FATAL:WebMixedContent.cpp(90)] Check failed: false.
#0 0x7fb46e9fe5fe base::debug::StackTrace::StackTrace()
#1 0x7fb46ea2085b logging::LogMessage::~LogMessage()
#2 0x7fb468fe73f7 blink::WebMixedContent::contextTypeFromRequestContext()
#3 0x7fb4611e8d4c blink::MixedContentChecker::contextTypeForInspector()
#4 0x7fb460fdbfb2 blink::InspectorNetworkAgent::willSendRequestInternal()
#5 0x7fb460fde3df blink::InspectorNetworkAgent::willSendRequest()
#6 0x7fb461630188 blink::InspectorInstrumentation::willSendRequest()
#7 0x7fb4611d294f blink::FrameFetchContext::dispatchWillSendRequest()
#8 0x7fb4611d3484 blink::FrameFetchContext::dispatchDidLoadResourceFromMemoryCache()
#9 0x7fb460d14718 blink::ResourceFetcher::requestLoadStarted()
#10 0x7fb460d16c38 blink::ResourceFetcher::requestResource()
#11 0x7fb460cf899f blink::ImageResource::fetch()
#12 0x7fb4611c18a1 blink::DocumentLoader::startPreload()
#13 0x7fb460ef7a7e blink::HTMLResourcePreloader::preload()
#14 0x7fb460f1bdb4 blink::ResourcePreloader::takeAndPreload()
#15 0x7fb460edf4ce blink::HTMLDocumentParser::fetchQueuedPreloads()
#16 0x7fb460ee30b6 blink::HTMLDocumentParser::documentElementAvailable()
#17 0x7fb460e0c2e3 blink::HTMLHtmlElement::insertedByParser()
#18 0x7fb460f0edb7 blink::HTMLTreeBuilder::processStartTag()
#19 0x7fb460f0c915 blink::HTMLTreeBuilder::constructTree()
#20 0x7fb460edebaf blink::HTMLDocumentParser::processTokenizedChunkFromBackgroundParser()
#21 0x7fb460edc2cf blink::HTMLDocumentParser::pumpPendingSpeculations()
#22 0x7fb4690ffe1e blink::CancellableTaskFactory::CancellableTask::run()
#23 0x7fb469116f37 _ZN4base8internal7InvokerINS0_9BindStateIPFvSt10unique_ptrIN5blink13WebTaskRunner4TaskESt14default_deleteIS6_EEEJNS0_13PassedWrapperIS9_EEEEEFvvEE3RunEPNS0_13BindStateBaseE
#24 0x7fb46e9ff124 base::debug::TaskAnnotator::RunTask()
#25 0x7fb469109374 blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue()
#26 0x7fb469107cfc blink::scheduler::TaskQueueManager::DoWork()
#27 0x7fb46e9ff124 base::debug::TaskAnnotator::RunTask()
#28 0x7fb46ea2bfbd base::MessageLoop::RunTask()
#29 0x7fb46ea2c338 base::MessageLoop::DeferOrRunPendingTask()
#30 0x7fb46ea2c74b base::MessageLoop::DoWork()
#31 0x7fb46ea2de3e base::MessagePumpDefault::Run()
#32 0x7fb46ea2bca4 base::MessageLoop::RunHandler()
#33 0x7fb46ea590c0 base::RunLoop::Run()
#34 0x7fb46cad6be5 content::RendererMain()
#35 0x7fb46cbfc4ff content::RunZygote()
#36 0x7fb46cbfcdff content::RunNamedProcessTypeMain()
#37 0x7fb46cbfd82b content::ContentMainRunnerImpl::Run()
#38 0x7fb46cbfc0c0 content::ContentMain()
#39 0x7fb46f46aaed ChromeMain
#40 0x7fb465970f45 __libc_start_main
#41 0x7fb46f46a9c9 <unknown>
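Maybe this has something to do with mixed content checking being applied to resources served from the memory cache: frame #8 in the trace is FrameFetchContext::dispatchDidLoadResourceFromMemoryCache(), reached from an image preload, and it leads to the failed check in WebMixedContent::contextTypeFromRequestContext().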
Comment 1 by carlosil@chromium.org, Sep 26 2017