Site isolation on Android is causing cookie and storage renderer kills
Issue description

Our --site-per-process and --isolate-origins trials on Android are both experiencing low-volume renderer kills for cookies and storage. Based on past experience, having a mix of these kills suggests that we are somehow committing one site in a process locked to another site, and then the renderer gets killed depending on which IPC it tries to use first.

Links for kills on Dev (Canary is similar):

GetCookies: https://crash.corp.google.com/browse?q=product_name%3D%27Chrome_Android%27+AND+product.Version+%3E%3D+%2771.0.3550.0%27+AND+expanded_custom_data.ChromeCrashProto.channel%3D%27dev%27+AND+expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27%5BRenderer+kill+79%5D+content%3A%3ARenderFrameMessageFilter%3A%3AGetCookies%27&compProp=expanded_custom_data.ChromeCrashProto.experiments.ids&v1=ff29b1bd-cb09d430&v2=ff29b1bd-81afe449

SetCookie: https://crash.corp.google.com/browse?q=product_name%3D%27Chrome_Android%27+AND+product.Version+%3E%3D+%2771.0.3550.0%27+AND+expanded_custom_data.ChromeCrashProto.channel%3D%27dev%27+AND+expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27%5BRenderer+kill+78%5D+content%3A%3ARenderFrameMessageFilter%3A%3ASetCookie%27&compProp=expanded_custom_data.ChromeCrashProto.experiments.ids&v1=ff29b1bd-cb09d430&v2=ff29b1bd-81afe449

localStorage: https://crash.corp.google.com/browse?q=product_name%3D%27Chrome_Android%27+AND+product.Version+%3E%3D+%2771.0.3550.0%27+AND+expanded_custom_data.ChromeCrashProto.channel%3D%27dev%27+AND+expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27%5BRenderer+kill+123%5D+mojo%3A%3A%60anonymous+namespace%5C%27%3A%3ARunErrorCallback+-+Access+denied+for+localStorage+reques%27&compProp=expanded_custom_data.ChromeCrashProto.experiments.ids&v1=ff29b1bd-cb09d430&v2=ff29b1bd-81afe449

Some of these kills might also be showing up with the wrong signature (GetSiteForURL): see analysis in https://crbug.com/889673#c1.
Currently, the kills are fairly low-volume: the most prevalent is GetCookies with about ~11 per dev release. However, these kills are currently the top crashes specific to site isolation seen on our dev trials, followed by the RequestBeginMainFrameNotExpected crash in issue 838348.

I don't see any patterns looking at crash key data for these kills: https://plx.corp.google.com/scripts2/script_5c._081948_0000_29f4_a81c_001a11c0ed82. The killed_process_origin_lock and requested_site_url correspond to seemingly random web sites. The vast majority of these kills are on Android, with just a handful on other platforms (which could be legitimate kills), suggesting that there's probably some Android-specific codepath triggering this.

Having commit-time origin enforcements (issue 770239) would likely help understand this, as we'd catch the condition triggering the kills (and relevant call stack) earlier.
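The reasoning in the issue description above, as an added toy model (not Chromium code and not part of the original report): a process locked to one site commits another site, and the kill signature is decided by whichever data IPC arrives first, while a commit-time check reports the same mismatch earlier. The types, function names and the two example sites are hypothetical.

```cpp
// Toy model of a locked renderer process; not Chromium code, names hypothetical.
#include <iostream>
#include <string>
#include <vector>

enum class Ipc { GetCookies, SetCookie, LocalStorage };

struct Renderer {
  std::string lock;         // site the process is locked to
  std::string committed;    // site of the document that committed in it
  std::string kill_reason;  // empty while the renderer is alive
};

// Browser-side rule: a locked process may only touch its own site's data.
bool CanAccess(const Renderer& r, const std::string& site) {
  return r.lock == site;
}

// Without commit-time enforcement a mismatched commit goes through unnoticed.
void Commit(Renderer& r, const std::string& site, bool enforce_at_commit) {
  if (enforce_at_commit && !CanAccess(r, site)) {
    r.kill_reason = "Commit";
    return;
  }
  r.committed = site;
}

// Each data IPC is validated on its own, so the first one sent names the kill.
void HandleIpc(Renderer& r, Ipc ipc) {
  static const char* const kNames[] = {"GetCookies", "SetCookie", "LocalStorage"};
  if (!r.kill_reason.empty() || CanAccess(r, r.committed)) return;
  r.kill_reason = kNames[static_cast<int>(ipc)];
}

// Runs one scenario; returns the kill signature, or "" if the renderer survives.
std::string Run(const std::string& lock, const std::string& site,
                const std::vector<Ipc>& ipcs, bool enforce_at_commit) {
  Renderer r;
  r.lock = lock;
  Commit(r, site, enforce_at_commit);
  for (Ipc ipc : ipcs) HandleIpc(r, ipc);
  return r.kill_reason;
}

int main() {
  const std::string a = "https://a.example", b = "https://b.example";  // constructed
  std::cout << Run(a, b, {Ipc::SetCookie, Ipc::GetCookies}, false) << "\n";
  std::cout << Run(a, b, {Ipc::GetCookies, Ipc::SetCookie}, false) << "\n";
  std::cout << Run(a, b, {Ipc::GetCookies, Ipc::SetCookie}, true) << "\n";
}
```

In the model the same underlying mismatch yields three different signatures depending only on IPC order, which is why a mix of cookie and storage kills points at a single commit-time cause.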
Jan 9
These all look similar to the crashes that my CanAccessDataForOrigin() changes triggered (https://bugs.chromium.org/p/chromium/issues/detail?id=898281#c8). I'm happy to take ownership of this and look into these once I get a fix for desktop.
Jan 9
Awesome, thank you Aaron!
Jan 17 (5 days ago)
Note that issue 923144 might now be catching these kills earlier at DidCommitProvisionalLoad time.
Comment 1 by alex...@chromium.org, Jan 9