
Issue 688260

Starred by 4 users

Issue metadata

Status: Verified
Owner:
Closed: Feb 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 1
Type: Bug-Regression




Regression : Tab crash is seen on www.youtube.com.

Reported by mni...@etouch.net, Feb 3 2017

Issue description

Version: 58.0.3001.0 d50208a95a17148ec119745d20ceba483da71672-refs/heads/master@{#447896}
OS: Windows (7, 8, 8.1, 10), Linux (14.04 LTS), Mac OS X (10.11.6, 10.12.1)

What steps will reproduce the problem?
1. Launch Chrome, navigate to www.youtube.com and open any two videos using a middle click of the mouse.
2. Now click on the newly opened tabs once and close the first tab, observe.

Actual: Tab crash is seen on www.youtube.com
Expected: Tab crash should not be seen on www.youtube.com

Crash ID : 58d979ad-9f32-4e16-84d7-5a33be1269e8 (Server ID: c30137e880000000)

This is a regression issue, broken in 'M 58'; will soon update other info:
Good build:58.0.3000.4
Bad build: 58.0.3001.0
 
Attachment: Actual_video.mp4 (867 KB)

Comment 1 by mni...@etouch.net, Feb 3 2017

Attachment: Expected_video.mp4 (846 KB)
Cc: rbasuvula@chromium.org
Labels: hasbisect-per-revision ReleaseBlock-Dev
Owner: qiangchen@chromium.org
Status: Assigned (was: Unconfirmed)
Using the per-revision bisect, providing the bisect results:
Good build: 58.0.3000.4 (Revision: 447669).
Bad build: 58.0.3001.0 (Revision: 447896).

You are probably looking for a change made after 447810 (known good), but no later than 447811 (first known bad).

CHANGE-LOG URL:
---------------
https://chromium.googlesource.com/chromium/src/+log/e51372ddbee311188504e30833e865c80623a9a0..101569dac2a9cee88240aa87fc695b9b6fb93aa1

From the CL above, assigning the issue to the concerned owner.

@qiangchen: Could you please look into the issue? Pardon me if it has nothing to do with your changes, and if possible please assign it to the concerned owner.

Review-Url: https://codereview.chromium.org/2664943002

Note: Able to reproduce the issue in Ubuntu 14.04, Mac 10.12.2 & Win 7.

Adding ReleaseBlock-Dev for this issue. Please remove if not the case.

Stack Trace:
------------
Thread 8 CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x000001d4 ] MAGIC SIGNATURE THREAD
Stack Quality: 78%
0x0000000108f944d4	(Google Chrome Framework -scheduler_state_machine.cc:951 )	cc::SchedulerStateMachine::SetNeedsRedraw()
0x0000000108f912b4	(Google Chrome Framework -scheduler.cc:122 )	cc::Scheduler::SetNeedsRedraw()
0x0000000108ffad03	(Google Chrome Framework -proxy_impl.cc:308 )	cc::ProxyImpl::SetNeedsRedrawOnImplThread()
0x0000000108f2dd44	(Google Chrome Framework -video_layer_impl.cc:374 )	cc::VideoLayerImpl::SetNeedsRedraw()
0x0000000108f2c44b	(Google Chrome Framework -video_frame_provider_client_impl.cc:131 )	cc::VideoFrameProviderClientImpl::StopRendering()
0x000000010bd25c9d	(Google Chrome Framework -video_frame_compositor.cc:93 )	non-virtual thunk to media::VideoFrameCompositor::SetVideoFrameProviderClient(cc::VideoFrameProvider::Client*)
0x0000000108f2c1a8	(Google Chrome Framework -video_frame_provider_client_impl.cc:61 )	cc::VideoFrameProviderClientImpl::Stop()
0x0000000108f2cb0f	(Google Chrome Framework -video_layer_impl.cc:64 )	cc::VideoLayerImpl::~VideoLayerImpl()
0x0000000108f2cc2d	(Google Chrome Framework -video_layer_impl.cc:55 )	cc::VideoLayerImpl::~VideoLayerImpl()
0x0000000108fd73ee	(Google Chrome Framework -memory:2398 )	cc::LayerTreeImpl::Shutdown()
0x0000000108fc830e	(Google Chrome Framework -layer_tree_host_impl.cc:307 )	cc::LayerTreeHostImpl::~LayerTreeHostImpl()
0x0000000108fc894d	(Google Chrome Framework -layer_tree_host_impl.cc:284 )	<name omitted>
0x0000000108ff991f	(Google Chrome Framework -memory:2398 )	cc::ProxyImpl::~ProxyImpl()
0x0000000108ff9a6d	(Google Chrome Framework -proxy_impl.cc:89 )	<name omitted>
0x0000000108ffcea5	(Google Chrome Framework -memory:2398 )	cc::ProxyMain::DestroyProxyImplOnImplThread(cc::CompletionEvent*)
0x0000000107e6a1a0	(Google Chrome Framework -callback.h:68 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x0000000107e8e75a	(Google Chrome Framework -message_loop.cc:421 )	base::MessageLoop::RunTask(base::PendingTask*)
0x0000000107e8eaab	(Google Chrome Framework -message_loop.cc:430 )	base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)
0x0000000107e8ee62	(Google Chrome Framework -message_loop.cc:523 )	base::MessageLoop::DoWork()
0x0000000107e920f9	(Google Chrome Framework -message_pump_mac.mm:302 )	base::MessagePumpCFRunLoopBase::RunWork()
0x0000000107e82d09	(Google Chrome Framework + 0x01a0ad09 )	base::mac::CallWithEHFrame(void () block_pointer)
0x0000000107e91b73	(Google Chrome Framework -message_pump_mac.mm:278 )	base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
0x00007fff8a3b9880	(CoreFoundation + 0x000aa880 )	__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00007fff8a398fbb	(CoreFoundation + 0x00089fbb )	__CFRunLoopDoSources0
0x00007fff8a3984de	(CoreFoundation + 0x000894de )	__CFRunLoopRun
0x00007fff8a397ed7	(CoreFoundation + 0x00088ed7 )	CFRunLoopRunSpecific
0x0000000107e924be	(Google Chrome Framework -message_pump_mac.mm:526 )	base::MessagePumpCFRunLoop::DoRun(base::MessagePump::Delegate*)
0x0000000107e91fbb	(Google Chrome Framework -message_pump_mac.mm:210 )	base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x0000000107eb0102	(Google Chrome Framework -run_loop.cc:37 )	base::RunLoop::Run()
0x0000000107edc8e8	(Google Chrome Framework -thread.cc:333 )	base::Thread::ThreadMain()
0x0000000107ed7a16	(Google Chrome Framework -platform_thread_posix.cc:71 )	base::(anonymous namespace)::ThreadFunc(void*)
0x00007fff9570e99c	(libsystem_pthread.dylib + 0x0000399c )	_pthread_body
0x00007fff9570e919	(libsystem_pthread.dylib + 0x00003919 )	_pthread_start
0x00007fff9570c350	(libsystem_pthread.dylib + 0x00001350 )	thread_start
0x0000000107ed79bf	(Google Chrome Framework + 0x01a5f9bf )	


Labels: -ReleaseBlock-Dev ReleaseBlock-Beta
Changing the status to ReleaseBlock-Beta as this issue is not affecting tomorrow's release build# 58.0.3000.4.
This crash is also observed on www.imdb.com.
Will keep monitoring the crash and will update the issue.
Thank you.

Comment 4 by ajha@chromium.org, Feb 3 2017

This is one of the top crashers on the latest canary, and a few other signature variants are seen on Windows canary (58.0.3001.0):

1. cc::Scheduler::SetNeedsRedraw
2. cc::ProxyImpl::SetNeedsRedrawOnImplThread.

Note: Crashes are not reproducible or seen on the Dev release candidate (58.0.3000.4) but are seen only on 58.0.3001.0.
Cc: danakj@chromium.org
Components: -Blink>HTML Internals>Compositing
+danakj
Status: Fixed (was: Assigned)
A revert of the suspect change was submitted (Comment #7); can verify this fixes the crash in the next canary.
 
Status: Verified (was: Fixed)
Verified that no crashes have occurred after 58.0.3001.0.

Issue 688634 has been merged into this issue.
