This was discovered while debugging crbug.com/854174.
Prerequisite: --enable-features=SlimNavigationManager
Bug reproducible at ToTT (72.0.3613.0)
To reproduce it in iOS simulator:
1. Open NTP
2. Load https://twitter.com
3. Click on any Twitter profile
4. Click on another Twitter profile
5. Set a breakpoint in [CRWWebController -URLDidChangeWithoutDocumentChange]: https://chromium.googlesource.com/chromium/src/+/72.0.3613.0/ios/web/web_state/ui/crw_web_controller.mm#5534
6. Tap on Back
This should trigger the breakpoint from step 5. Digging into WKBasedNavigationManagerImpl, we find that |last_committed_item_index_| is 1 (corresponds to the https://twitter.com item), instead of 3 (corresponds to the Twitter profile loaded in step 4). This may create subtle bugs because WKBasedNavigationManagerImpl::GetLastCommittedItem() will return the wrong item when |pending_item_index_| is not -1 (i.e. an in-progress back/forward navigation).
This is because the navigations in steps 3 and 4 are triggered by history.pushState(). WKBasedNavigationManagerImpl::CommitPendingItem() is never called, so |last_committed_item_index_| is not updated after step 2.
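The state described in the report, as a toy model added here for illustration; it is not Chromium code. The member names are the ones quoted above, while the class, PushState(), GoBack(), the URLs and the rule that the cached index is only consulted while a navigation is pending are assumptions made for the model.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Toy model, not Chromium code. Everything except the three member names
// quoted in the report is hypothetical.
class NavModel {
 public:
  // Full page load: the item is appended and CommitPendingItem() runs.
  void LoadURL(const std::string& url) { Append(url); CommitPendingItem(); }
  // history.pushState(): the back/forward list grows, but (per the report)
  // CommitPendingItem() is never called.
  void PushState(const std::string& url) { Append(url); }
  // Start of a back navigation: only the pending index is set.
  void GoBack() { pending_item_index_ = current_index_ - 1; }
  void CommitPendingItem() {
    if (pending_item_index_ != -1) current_index_ = pending_item_index_;
    last_committed_item_index_ = current_index_;
    pending_item_index_ = -1;
  }
  // Assumed rule: the cached index is trusted only while a navigation is pending.
  int GetLastCommittedItemIndex() const {
    return pending_item_index_ == -1 ? current_index_ : last_committed_item_index_;
  }
  // Index of the item that is actually still displayed.
  int ExpectedLastCommittedItemIndex() const { return current_index_; }
  const std::string& UrlAt(int i) const { return items_[i]; }

 private:
  void Append(const std::string& url) {
    items_.resize(current_index_ + 1);  // a new entry drops forward history
    items_.push_back(url);
    current_index_ = static_cast<int>(items_.size()) - 1;
  }
  std::vector<std::string> items_;
  int current_index_ = -1;
  int last_committed_item_index_ = -1;
  int pending_item_index_ = -1;
};

// Steps 1-6 of the report; profile URLs and the NTP URL are constructed.
NavModel Reproduce() {
  NavModel m;
  m.LoadURL("about:newtab");                      // 1. NTP         (index 0)
  m.LoadURL("https://twitter.com");               // 2.             (index 1)
  m.PushState("https://twitter.com/profile_a");   // 3. pushState   (index 2)
  m.PushState("https://twitter.com/profile_b");   // 4. pushState   (index 3)
  m.GoBack();                                     // 6. back is now pending
  return m;
}

int main() {
  NavModel m = Reproduce();
  std::printf("cached=%d expected=%d\n", m.GetLastCommittedItemIndex(),
              m.ExpectedLastCommittedItemIndex());
}
```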
Comment 1 by danyao@chromium.org, Nov 23
Status: Assigned (was: Unconfirmed)