Note this is in TOT synced to #408110

Any specific URL you are using? Also, do you have --enable-browser-side-navigation?

I was just using the following php:
<?php
echo date('h:i:s') . "<br>";

//sleep for 5 seconds
sleep(5);

//start again
echo date('h:i:s');
?>

This isn't using the PlzNavigate flag.

Seems this can't be triaged from TE end, adding TE-NeedsFurtherTriage label to further triage.

The problem here is that we expect RenderFrameDevToolsAgentHost::OnCancelPendingNavigation to be called (from the RenderFrameHostImpl::CancelPending) when user navigates while pending navigation is still in place.
This does not happen. @nasko, @clamy: is this expected?

Requesting Dev team for further triaging since there is no manual reproducible steps. 

I'll see if I can run a bisect.

bisect-builds isn't working because this is only crashing on a DCHECK. Is there a way to turn DCHECK_ALWAYS_ON for that script?

In any case, blackhole.webpagetest.org has the same behavior (that url never commits). That should make this easier to repro.

I have to dig into this some with the debugger, but thinking through it, I don't think it is valid to think that the pending RenderFrameHost will be cancelled when creating the new navigation. Poking at the code, I can see this comment, which backs it up:

// ... We will reuse the pending RFH below if it matches the destination
// SiteInstance.

https://cs.chromium.org/chromium/src/content/browser/frame_host/render_frame_host_manager.cc?rcl=1471375518&l=2246

Good point. I confirmed that this does not repro if I try to double navigate same-site to a slow to commit URL.

For the record: naive solution to skip SetPending in this case didn't work. Seems like we miss initialization in this case.

if (pending_ && pending_->host() == new_host) return;

This is not crashing with browser side navigation, so I am tentatively closing this.