
Issue 712093

Starred by 3 users

Issue metadata

Status: Fixed
Owner:
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 1
Type: Bug-Regression




Regression : NTP crashes after giving print command.

Reported by avsha...@etouch.net, Apr 17 2017

Issue description

Chrome Version : 60.0.3072.0 (Official Build) 6537e7e6c03ff0f8822672a627a2e3643673384f-refs/heads/master@{#464836} 32/64 bit
OS : Windows (7,8,10)

What steps will reproduce the problem?
1. Launch chrome, open NTP and give print command using Ctrl + P.
2. In print preview, check the 'Background graphics' check box.
3. Open another NTP, hit Ctrl + P and observe.

Actual : Tab crashes after giving print command on NTP.

Expected : Tab should not crash.

Crash IDs : 
Crash ID 2a755313-c595-4444-8425-1aba93f55eef (Server ID: a4ef294690000000)
Crash ID 2ead6e1e-b691-4b9d-bd9a-4bcb3f8db40e (Server ID: dd50fb5640000000)

This is a regression issue broken in ‘M-60’, below is the Manual Regression range and will soon update other info.
Good build : 59.0.3071.0
Bad build : 60.0.3072.0
 
Attachments: Actual_Crash.mp4 (618 KB), Expected_Result.mp4 (886 KB)

Comment 1 by avsha...@etouch.net, Apr 17 2017

Labels: OS-Linux OS-Mac
Update : 
Above issue is also reproducible on Mac(10.11.6, 10.12.1) & Linux(14.04 LTS) OS using latest #canary 60.0.3072.0 build.

Thank you!
Labels: hasbisect-per-revision ReleaseBlock-Dev
Owner: enne@chromium.org
Status: Assigned (was: Unconfirmed)
Using the per-revision bisect providing the bisect results,
Good build: 59.0.3071.0 (Revision: 464641).
Bad build : 60.0.3072.0 (Revision: 464836).

You are probably looking for a change made after 464700 (known good), but no later than 464701 (first known bad).
CHANGELOG URL:
  https://chromium.googlesource.com/chromium/src/+log/d1040f6d95719c52a3ec442c76be29d5c0630bf4..e594588348ea08e4cdc15dc587efa5645db5023e

@enne: Could you please look into the issue? Pardon me if it has nothing to do with your changes, and if possible please assign it to the concerned owner.
Adding RB label as this is a recent regression.

Providing Stack Trace for the Crash ID -- a4ef294690000000
Stack Trace ::
===============
Thread 0 CRASHED [EXCEPTION_ACCESS_VIOLATION_EXEC @ 0x00000000 ] MAGIC SIGNATURE THREAD
Stack Quality: 95%
0x00000000		
0x00007ffc53ffabc0	(chrome_child.dll -paint_op_buffer.cc:511 )	cc::PaintOpBuffer::playback(SkCanvas *)
0x00007ffc53ffac02	(chrome_child.dll -paint_op_buffer.cc:524 )	cc::PaintOpBuffer::playback(SkCanvas *)
0x00007ffc53ffac02	(chrome_child.dll -paint_op_buffer.cc:524 )	cc::PaintOpBuffer::playback(SkCanvas *)
0x00007ffc53ffac02	(chrome_child.dll -paint_op_buffer.cc:524 )	cc::PaintOpBuffer::playback(SkCanvas *)
0x00007ffc53ff6c04	(chrome_child.dll -skia_paint_canvas.cc:277 )	cc::SkiaPaintCanvas::drawPicture(sk_sp<cc::PaintOpBuffer const >)
0x00007ffc560e3d25	(chrome_child.dll -pdf_metafile_skia.cc:193 )	printing::PdfMetafileSkia::FinishDocument()
0x00007ffc560e40d8	(chrome_child.dll -pdf_metafile_skia.cc:284 )	printing::PdfMetafileSkia::GetMetafileForCurrentPage(printing::SkiaDocumentType)
0x00007ffc55c08e6a	(chrome_child.dll -print_web_view_helper.cc:1358 )	printing::PrintWebViewHelper::RenderPreviewPage(int,PrintMsg_Print_Params const &)
0x00007ffc55c05818	(chrome_child.dll -print_web_view_helper.cc:1309 )	printing::PrintWebViewHelper::CreatePreviewDocument()
0x00007ffc55c06d51	(chrome_child.dll -print_web_view_helper.cc:1221 )	printing::PrintWebViewHelper::OnFramePreparedForPreviewDocument()
0x00007ffc55c05141	(chrome_child.dll -print_web_view_helper.cc:787 )	printing::PrepareFrameAndViewForPrint::CopySelectionIfNeeded(content::WebPreferences const &,base::Callback<void ,1,1> const &)
0x00007ffc55c07cf2	(chrome_child.dll -print_web_view_helper.cc:1210 )	printing::PrintWebViewHelper::PrepareFrameForPreviewDocument()
0x00007ffc55c079d4	(chrome_child.dll -print_web_view_helper.cc:1188 )	printing::PrintWebViewHelper::OnPrintPreview(base::DictionaryValue const &)
0x00007ffc55c03792	(chrome_child.dll -ipc_message_templates.h:121 )	IPC::MessageT<PrintMsg_PrintPreview_Meta,std::tuple<base::DictionaryValue>,void>::Dispatch<printing::PrintWebViewHelper,printing::PrintWebViewHelper,void,void ( printing::PrintWebViewHelper::*)(base::DictionaryValue const &)>(IPC::Message const *,printing::PrintWebViewHelper *,printing::PrintWebViewHelper *,void *,void ( printing::PrintWebViewHelper::*)(base::DictionaryValue const &))
0x00007ffc55c06fa9	(chrome_child.dll -print_web_view_helper.cc:1009 )	printing::PrintWebViewHelper::OnMessageReceived(IPC::Message const &)
0x00007ffc55a8d46e	(chrome_child.dll -render_frame_impl.cc:1524 )	content::RenderFrameImpl::OnMessageReceived(IPC::Message const &)
0x00007ffc55ead3ca	(chrome_child.dll -message_router.cc:56 )	IPC::MessageRouter::RouteMessage(IPC::Message const &)
0x00007ffc5564ac84	(chrome_child.dll -child_thread_impl.cc:742 )	content::ChildThreadImpl::OnMessageReceived(IPC::Message const &)
0x00007ffc55041c97	(chrome_child.dll -ipc_channel_proxy.cc:329 )	IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const &)
0x00007ffc53cf4d52	(chrome_child.dll -task_annotator.cc:59 )	base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x00007ffc5572e640	(chrome_child.dll -task_queue_manager.cc:539 )	blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue *,bool,blink::scheduler::LazyNow,base::TimeTicks *)
0x00007ffc5572d4d6	(chrome_child.dll -task_queue_manager.cc:337 )	blink::scheduler::TaskQueueManager::DoWork(bool)
0x00007ffc56364c18	(chrome_child.dll -bind_internal.h:305 )	base::internal::InvokeHelper<1,void>::MakeItSo<void ( media::WebMediaPlayerImpl::*const &)(bool),base::WeakPtr<media::WebMediaPlayerImpl> const &,bool>(void ( media::WebMediaPlayerImpl::*const &)(bool),base::WeakPtr<media::WebMediaPlayerImpl> const &,bool &&)
0x00007ffc53cf4d52	(chrome_child.dll -task_annotator.cc:59 )	base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x00007ffc53caae1e	(chrome_child.dll -message_loop.cc:423 )	base::MessageLoop::RunTask(base::PendingTask *)
0x00007ffc53cab9d6	(chrome_child.dll -message_loop.cc:527 )	base::MessageLoop::DoWork()
0x00007ffc53cf5f3c	(chrome_child.dll -message_pump_default.cc:33 )	base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x00007ffc53cc9e0f	(chrome_child.dll -run_loop.cc:37 )	base::RunLoop::Run()
0x00007ffc55aa39d2	(chrome_child.dll -renderer_main.cc:200 )	content::RendererMain(content::MainFunctionParams const &)
0x00007ffc54f48b1a	(chrome_child.dll -content_main_runner.cc:438 )	content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x00007ffc54f48963	(chrome_child.dll -content_main_runner.cc:740 )	content::ContentMainRunnerImpl::Run()
0x00007ffc5551dcfd	(chrome_child.dll -main.cc:179 )	service_manager::Main(service_manager::MainParams const &)
0x00007ffc54f4816b	(chrome_child.dll -content_main.cc:19 )	content::ContentMain(content::ContentMainParams const &)
0x00007ffc54bc02af	(chrome_child.dll -chrome_main.cc:123 )	ChromeMain
0x00007ff69fc73f6f	(chrome.exe -main_dll_loader_win.cc:202 )	MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
0x00007ff69fc7302f	(chrome.exe -chrome_exe_main_win.cc:271 )	wWinMain
0x00007ff69fca4ae2	(chrome.exe -exe_common.inl:253 )	__scrt_common_main_seh
0x00007ffc93738101	(KERNEL32.DLL + 0x00018101 )	BaseThreadInitThunk
0x00007ffc9382c5b3	(ntdll.dll + 0x0005c5b3 )	RtlUserThreadStart


Thank You.
Project Member

Comment 3 by bugdroid1@chromium.org, Apr 18 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/52c5ec950ba33ce26507840a34fd8690f86fe801

commit 52c5ec950ba33ce26507840a34fd8690f86fe801
Author: enne <enne@chromium.org>
Date: Tue Apr 18 05:07:03 2017

Fix crash in PaintOpBuffer alpha optimization

PaintOpBuffer in general checks if ops are draw ops before applying
the save/draw/restore alpha folding optimization to remove save layers.
However, the specific code that tries to recursively apply this op
to DrawRecordOp with a single op does not check draw op status.

Printing generates single op pictures containing annotate ops (for pdf
links, etc), which causes this to crash in practice.

The last unit test in this patch causes this to crash without the code
change applied.  The other unit tests are there just for completeness.

An alternative to this patch would be to implement RasterWithAlpha for
all op types, but that seems like needless code gen for a bunch of
functions that will never get called in practice.

BUG= 712093 
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel

Review-Url: https://codereview.chromium.org/2823113002
Cr-Commit-Position: refs/heads/master@{#465145}

[modify] https://crrev.com/52c5ec950ba33ce26507840a34fd8690f86fe801/cc/paint/paint_op_buffer.cc
[modify] https://crrev.com/52c5ec950ba33ce26507840a34fd8690f86fe801/cc/paint/paint_op_buffer.h
[modify] https://crrev.com/52c5ec950ba33ce26507840a34fd8690f86fe801/cc/paint/paint_op_buffer_unittest.cc
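
The bug class described in the commit message above, as an added C++ sketch that is not Chromium's code: a per-op-type function table with no alpha-aware entry for non-draw ops, and a recursive single-op record path that must apply the same draw-op check as the top-level fold. All names (`Op`, `FoldAlphaInto`, `kRasterWithAlpha`, `kNotFolded`) and the null-entry table layout are assumptions made for illustration.

```cpp
// Simplified model, constructed for illustration; not Chromium's cc/paint code.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

enum class OpType : uint8_t { kAnnotate, kDrawRect, kDrawRecord };

struct Op {
  OpType type;
  std::vector<Op> nested;  // used only by kDrawRecord
};

constexpr int kNotFolded = -1;  // caller must keep the real save layer

using RasterWithAlphaFn = int (*)(const Op&, uint8_t);
int RasterRectWithAlpha(const Op&, uint8_t alpha) { return alpha; }
int RasterRecordWithAlpha(const Op& op, uint8_t alpha);

// Assumption: only draw ops get an alpha-aware raster entry; others are null.
const RasterWithAlphaFn kRasterWithAlpha[] = {
    nullptr,                // kAnnotate (e.g. a PDF link annotation)
    RasterRectWithAlpha,    // kDrawRect
    RasterRecordWithAlpha,  // kDrawRecord
};

bool IsDrawOp(const Op& op) { return op.type != OpType::kAnnotate; }

// Entry point for save/draw/restore folding: checks draw-op status first.
int FoldAlphaInto(const Op& op, uint8_t alpha) {
  if (!IsDrawOp(op)) return kNotFolded;
  return kRasterWithAlpha[static_cast<size_t>(op.type)](op, alpha);
}

// Recursive path for a record holding a single op. Routing through
// FoldAlphaInto applies the same draw-op check; indexing the table directly
// here would call a null pointer for record{annotate}.
int RasterRecordWithAlpha(const Op& op, uint8_t alpha) {
  if (op.nested.size() != 1) return kNotFolded;
  return FoldAlphaInto(op.nested[0], alpha);
}

int main() {
  Op link_only{OpType::kDrawRecord, {Op{OpType::kAnnotate, {}}}};
  std::printf("record{annotate} folded alpha: %d\n", FoldAlphaInto(link_only, 64));
  return 0;
}
```
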

Comment 4 by ajha@chromium.org, Apr 20 2017

Labels: TE-Verified-60.0.3076.0 TE-Verified-M60
Verified the fix on the latest canary(60.0.3076.0) on Windows-10, Mac OS 10.12.3 and Linux Ubuntu 14.04. This is working as intended and no tab crash is seen.

Adding the verified label therefore.

Comment 5 by ajha@chromium.org, Apr 27 2017

Status: Fixed (was: Assigned)
enne@: Closing this as the fix has landed and is verified. Feel free to re-open if you want any other work on this.
