Please find the Video & Logcat @ go/chrome-androidlogs1/7/725788

Additional Comments:
Issue repro on HTC One M9 (arm_64/Adreno(TM) 430)/ MRA58K and Sony Xperia XA (MaliT860/F3116) / 6.0

adding release block dev as its a recent regression and broken on all OEM mail. Thanks 

Downloading 1 files took 0.003545 second(s)
Operating system: Android
                  samsung/j5ltexx/j5lte:6.0.1/MMB29M/J500FXXU1BPJ3:user/release-keys
CPU: arm
     4 CPUs

GPU: OpenGL ES 3.0 V@140.0 AU@ (GIT@Ia10634f51b)
     Qualcomm
     Adreno (TM) 306

Crash reason:  
Crash address: 0x0
Process uptime: not available

Thread 0 (crashed)
 0  libwebviewchromium.so!cc::SurfaceAggregator::PrewalkTree(cc::SurfaceId const&, bool, int, cc::SurfaceAggregator::PrewalkResult*) [surface_aggregator.cc : 633 + 0x0]
     r0 = 0xb848c050    r1 = 0x00000001    r2 = 0xb8390c10    r3 = 0x00000000
     r4 = 0x00000000    r5 = 0xb7e29c28    r6 = 0x00000000    r7 = 0xb8390c10
     r8 = 0x9d1a6afc    r9 = 0x9d1a6bf8   r10 = 0xb88b40bc   r12 = 0xb8889a08
     fp = 0xb848c050    sp = 0x9d1a69e8    lr = 0xa22dd891    pc = 0xa22dd8a6
    Found by: given as instruction pointer in context
 1  libwebviewchromium.so!cc::SurfaceAggregator::Aggregate(cc::SurfaceId const&) [surface_aggregator.cc : 858 + 0x7]
     r4 = 0x0defaced    r5 = 0x0defaced    r6 = 0x0defaced    r7 = 0x00000000
     r8 = 0x0defaced    r9 = 0x9d1a6bf8   r10 = 0x9d1a6bb8    fp = 0x0defaced
     sp = 0x9d1a6b68    pc = 0xa22de14f
    Found by: call frame info
 2  libwebviewchromium.so!cc::Display::DrawAndSwap() [display.cc : 258 + 0xb]
     r4 = 0x0defaced    r5 = 0x9d1a6e18    r6 = 0x9d1a6db0    r7 = 0x0defaced
     r8 = 0x0defaced    r9 = 0x0defaced   r10 = 0x9d1a6f64    fp = 0x9d1a71c4
     sp = 0x9d1a6d40    pc = 0xa22d25cd
    Found by: call frame info
 3  libwebviewchromium.so!android_webview::SurfacesInstance::DrawAndSwap(gfx::Size const&, gfx::Rect const&, gfx::Transform const&, gfx::Size const&, cc::SurfaceId const&) [surfaces_instance.cc : 154 + 0x3]
     r4 = 0x9d1a6f68    r5 = 0x0defaced    r6 = 0x9d1a7060    r7 = 0x0defaced
     r8 = 0x0defaced    r9 = 0x0defaced   r10 = 0x9d1a6f64    fp = 0x9d1a71c4
     sp = 0x9d1a6f48    pc = 0xa2258e1b
    Found by: call frame info
 4  libwebviewchromium.so!android_webview::HardwareRenderer::DrawGL(AwDrawGLInfo*) [hardware_renderer.cc : 161 + 0xf]
     r4 = 0x0defaced    r5 = 0x9d1a7218    r6 = 0x9d1a71d4    r7 = 0x9d1a71f8
     r8 = 0x00000460    r9 = 0x9d1a71e4   r10 = 0x9d1a71c4    fp = 0x0defaced
     sp = 0x9d1a7180    pc = 0xa224c411
    Found by: call frame info
 5  libwebviewchromium.so!android_webview::RenderThreadManager::DrawGL(AwDrawGLInfo*) [render_thread_manager.cc : 352 + 0x5]
     r4 = 0x0defaced    r5 = 0x9d1a73c8    r6 = 0x0defaced    r7 = 0x9d1a74b4
     r8 = 0x9d1a73d8    r9 = 0x9d1a73c0   r10 = 0x00000000    fp = 0x0defaced
     sp = 0x9d1a7388    pc = 0xa2254d5d
    Found by: call frame info
 6  libwebviewchromium_plat_support.so + 0x144d
     r4 = 0x00000000    r5 = 0xa223dcb1    r6 = 0xb5c20c11    r7 = 0x00000000
     r8 = 0x9d1a7568    r9 = 0x0defaced   r10 = 0x0defaced    fp = 0x0defaced
     sp = 0x9d1a74b0    pc = 0x9d1dd44f

It seems relate to 

https://codereview.chromium.org/2855723002

Another bug https://b.corp.google.com/issues/62076254

I don't think there's any reason for this bug to be restricted. Please don't file restricted bugs unless there's some actual confidential information included.

 Issue 726274  has been merged into this issue.

samans@,
This is M60 RBD for WebView. We have Dev push on coming Tuesday. We need this fix before that.

Thanks!

Verified OEM mail  crash not reproducible with steps mentioned in comment#1  on monochrome version 60.0.3112.0 on  on following devices: 
Sony Xperia Z3 + /6.0.1,
Moto Z(XT1650)/ 7.0 
Samsung Galaxy J7/ MMB29K, 
Sony Xperia Z5 (7.0.0) , 

saman@ Unable to repro on latest M60: 60.0.3112.6
Tested devices:Samsung On Nxt / MMB29K,Samsung Galaxy J5 / MMB29K,HTC One M9 (arm_64/Adreno(TM) 430)/ MRA58K and Sony Xperia XA (MaliT860/F3116) / 6.0

Thanks!

Since the revert fix has been verified on many devices, marking as verified.