This bug is for crash report bp-378dd1b6-e940-40d3-b374-f5a920200430.

Top 10 frames of crashing thread:

0 XUL nsDOMNavigationTiming::nsDOMNavigationTiming dom/base/nsDOMNavigationTiming.cpp:550
1 XUL std::__1::__function::__func<nsDocShell::ResumeRedirectedLoad /builds/worker/fetches/clang/include/c++/v1/functional:1707
2 XUL mozilla::dom::ChildProcessChannelListener::OnChannelReady /builds/worker/fetches/clang/include/c++/v1/functional:1860
3 XUL mozilla::dom::ContentChild::RecvCrossProcessRedirect dom/ipc/ContentChild.cpp:3498
4 XUL mozilla::dom::PContentChild::OnMessageReceived ipc/ipdl/PContentChild.cpp:12418
5 XUL mozilla::ipc::MessageChannel::DispatchMessage ipc/glue/MessageChannel.cpp:2186
6 XUL mozilla::ipc::MessageChannel::MessageTask::Run ipc/glue/MessageChannel.cpp:1989
7 XUL nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1200
8 XUL mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:87
9 XUL MessageLoop::Run ipc/chromium/src/base/message_loop.cc:290

I've hit this tab crash randomly while trying to navigate to a local page (about:support) on macOS 10.14

I will investigate this further in order to find reliable STR.

[Notes]:

• From the other crash reports with this signature, it seems that this issue affects Windows and Ubuntu 20.04 as well.
• Also this seems to go way back to 74.0 builds (per crash reports).
• Feel free to change the component if this doesn't fit here

We had maybe a crash a month on Nighty with this signature and we had 28 in the last 48 hours so that looks like a regression.
The new crashes started with build ID 20200429095105
Changelog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=a34695d9b99d1e9098e846b751c9adf1f52ee760&tochange=262c8adb52655e2028595d9838903b8b5a0a87da

The crashes on 74 and 75 are something totally different and don't see similar crashes on 76.

[Tracking Requested - why for this release]:
77 is crashing.
Seemingly the crash is null + offset crash. Are we passing null timing through the methods all the way to the constructor and then crash in
https://hg.mozilla.org/mozilla-central/annotate/83beb87d9f6945ccddefe62341b5536398eb72a0/dom/base/nsDOMNavigationTiming.cpp#l550

I've managed to find some reliable STR:

Steps to Reproduce

1. Launch Firefox
2. Start typing about:support (or any local page in the awesomebar) and delete the suggested String until you have (let's say) "about:sup" and hit enter.

Actual Result

• Tab Crash

Expected Result

• The "Hmm. That address doesn’t look right." page is displayed

Regression Range

• Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=a34695d9b99d1e9098e846b751c9adf1f52ee760&tochange=262c8adb52655e2028595d9838903b8b5a0a87da (Thanks Pascal!)
• This seems to be a regression introduced by Bug 1633644

Additional Notes
This issue is not reproducible with browser.tabs.documentchannel pref set to false

I can't reproduce with the step provided.

This is more likely due to bug 1602318

https://hg.mozilla.org/mozilla-central/rev/b9c81735df1d

Reproduced the issue on Ubuntu 20/macOS 10.15.3 with 77.0a1 (2020-04-30) with a slight alteration to the STR, in the sense that we've opened a 2nd tab and followed the steps -> instant tab-crash.
Can confirm that the issue is no longer encountered - fix verified with 77.0b2 on Windows 10, macOS 10.15.3, Ubuntu 20.