Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/a40712f84aed485b3da6d212938e330ae3b85605 (Mojofy DidCommitProvisionalLoad.).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.

Camille, Arthur, this looks PlzNavigate-related, can you please take a look?

Yep, we shouldn't be calling DiscardPendingEntryIfNeeded from within NavigateToPendingEntry.  Looks like it's happening via NavigationRequest::OnRequestFailedInternal.

+jam: Didn't you add protections against this specifically?

Sorry, I don't remember.

ClusterFuzz has detected this issue as fixed in range 549059:549062.

Detailed report: https://clusterfuzz.com/testcase?key=4737039638724608

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !in_navigate_to_pending_entry_ || delegate_->IsBeingDestroyed() in navigation_co
  content::NavigationControllerImpl::DiscardPendingEntry
  content::NavigatorImpl::DiscardPendingEntryIfNeeded
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=502241:502256
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=549059:549062

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4737039638724608

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4737039638724608 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.