Here are the non-Mac crashers:

https://crash.corp.google.com/browse?q=stable_signature%3D%27viz%3A%3AClientLayerTreeFrameSink%3A%3ASubmitCompositorFrame-d581bbbc%27#samplereports

A common flag here is --enable-main-frame-before-activation

Investigating further!

A few days have passed. It seems like Mac crashes are either entirely gone or very rare! Yay! 

Surface invariants violations are still happening (but rare!) on other platforms. In particular judging from the crash logs I've seen so far, --enable-main-frame-before-activation and device_scale_factor > 1.0 seem to be the common theme. I have yet to repro locally though.

Landing a couple more diagnostic CHECKs in order to pin down the root cause here:

https://chromium-review.googlesource.com/c/chromium/src/+/989851

https://chromium-review.googlesource.com/c/chromium/src/+/990200

Passing along surface invariants violation investigation to jonross@

Latest set of reports is here: https://crash.corp.google.com/browse?q=EXISTS+%28SELECT+1+FROM+UNNEST%28CrashedStackTrace.StackFrame%29+WHERE+FunctionName%3D%27viz%3A%3AClientLayerTreeFrameSink%3A%3ASubmitCompositorFrame%28viz%3A%3ACompositorFrame%29%27%29+AND+EXISTS+%28SELECT+1+FROM+UNNEST%28CrashedStackTrace.StackFrame%29+WHERE+FunctionName%3D%27viz%3A%3AClientLayerTreeFrameSink%3A%3ASubmitCompositorFrame%28viz%3A%3ACompositorFrame%29%27%29#samplereports

Since the start of October reports are much lower (>200 a day) with half being not the invariants, but failures to serialize 
 <viz::mojom::SharedQuadStateDataView, mojo::OptSharedQuadState>

Such as in:
https://crash.corp.google.com/browse?q=EXISTS+%28SELECT+1+FROM+UNNEST%28CrashedStackTrace.StackFrame%29+WHERE+FunctionName%3D%27viz%3A%3AClientLayerTreeFrameSink%3A%3ASubmitCompositorFrame%28viz%3A%3ACompositorFrame%29%27%29+AND+EXISTS+%28SELECT+1+FROM+UNNEST%28CrashedStackTrace.StackFrame%29+WHERE+FunctionName%3D%27viz%3A%3AClientLayerTreeFrameSink%3A%3ASubmitCompositorFrame%28viz%3A%3ACompositorFrame%29%27%29+AND+EXISTS+%28SELECT+1+FROM+UNNEST%28CrashedStackTrace.StackFrame%29+WHERE+FunctionName%3D%27mojo%3A%3Ainternal%3A%3ASerializer%3Cviz%3A%3Amojom%3A%3ASharedQuadStateDataView%2C+mojo%3A%3AOptSharedQuadState%3E%3A%3ASerialize%28mojo%3A%3AOptSharedQuadState%26%2C+mojo%3A%3Ainternal%3A%3ABuffer*%2C+viz%3A%3Amojom%3A%3Ainternal%3A%3ASharedQuadState_Data%3A%3ABufferWriter*%2C+mojo%3A%3Ainternal%3A%3ASerializationContext*%29%27%29#-propertyselector,samplereports,productname:1000,-magicsignature:50,-magicsignature2:50,-stablesignature:50,+day


Though as  issue 900271  there are still methods for triggering invariants on Mac.

Issue 876818 has been merged into this issue.

It appears that half of these "<viz::mojom::SharedQuadStateDataView, mojo::OptSharedQuadState>" are caused by issue 852294. Which is a cpu bug that we can't fix.

Further breakdown shows ClientLayerTreeFrameSink::SubmitCompositorFrame crashes ending after 68.0.3440.106

Except for ChromeOS, which has a non surface invariants crash on 68.0.3440.118. Where the crash is serializing <ui::mojom::LatencyComponentDataView, ui::LatencyInfo::LatencyComponent const>

I'll look at the bisect between 106 and 118 to see if anything stands out, and will look into the Mac side errors

Note that ClientLayerTreeFrameSink has been renamed to AsyncLayerTreeFrameSink.

The original Surface Invariants violations appear to have all been addressed. The remaining crashes I have investigated in 906070, and appear to be memory corrupt before a system resume.

I'm marking this as fixed.