RESOLVED FIXED 269638
[MSE] `ASSERT(canSafelyBeUsed());` ASSERTION when using webm with MSE in a worker
https://bugs.webkit.org/show_bug.cgi?id=269638
Jean-Yves Avenard [:jya]
Reported 2024-02-16 20:57:12 PST
STR: In a debug build:
Open https://jyavenard.github.io/mse-in-workers-demo/mse-in-workers-demo.html
select "10s webm"
Press start demo.

Soon it will assert with:
```
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef)
    frame #0: 0x000000013a561728 JavaScriptCore`::WTFCrash() at Assertions.cpp:351:35
  * frame #1: 0x000000011dac3e24 WebKit`WTFCrashWithInfo((null)=110, (null)="/Users/jyavenard/Work/webkit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/WeakPtr.h", (null)="T *WTF::WeakPtr<WebCore::AudioTrackPrivateClient>::operator->() const [T = WebCore::AudioTrackPrivateClient, WeakPtrImpl = WTF::DefaultWeakPtrImpl, PtrTraits = WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl>]", (null)=393) at Assertions.h:780:5
    frame #2: 0x0000000120280108 WebKit`WTF::WeakPtr<WebCore::AudioTrackPrivateClient, WTF::DefaultWeakPtrImpl, WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl>>::operator->(this=0x00000001042d0fe8) const at WeakPtr.h:110:9
    frame #3: 0x000000012026ba54 WebKit`WebCore::AudioTrackPrivate::setConfiguration(this=0x00000001042d0fc0, configuration=0x000000016fd155e8) at AudioTrackPrivate.h:73:13
    frame #4: 0x000000012026b600 WebKit`WebKit::AudioTrackPrivateRemote::updateConfiguration(this=0x00000001042d0fc0, configuration=0x000000016fd155b8) at AudioTrackPrivateRemote.cpp:84:5
    frame #5: 0x00000001202709dc WebKit`WebKit::MediaPlayerPrivateRemote::remoteAudioTrackConfigurationChanged(this=0x00000001045b5e80, trackID=18343967263810149341, configuration=0x000000016fd155b8) at MediaPlayerPrivateRemote.cpp:724:15
    frame #6: 0x000000011e139724 WebKit`auto void IPC::callMemberFunction<WebKit::MediaPlayerPrivateRemote, WebKit::MediaPlayerPrivateRemote, void (unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration&&), std::__1::tuple<unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration>>(this=0x000000016fd15500, args=0x000000016fd155b0, args=0x000000016fd155b8)(unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration&&), std::__1::tuple<unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration>&&)::'lambda'(auto&&...)::operator()<unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration>(auto&&...) const at HandleMessage.h:135:13
    frame #7: 0x000000011e139604 WebKit`decltype(std::declval<WebKit::MediaPlayerPrivateRemote>()(std::declval<unsigned long long>(), std::declval<WebKit::AudioTrackPrivateRemoteConfiguration>())) std::__1::__invoke[abi:sn170006]<void IPC::callMemberFunction<WebKit::MediaPlayerPrivateRemote, WebKit::MediaPlayerPrivateRemote, void (unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration&&), std::__1::tuple<unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration>>(WebKit::MediaPlayerPrivateRemote*, void (WebKit::MediaPlayerPrivateRemote::*)(unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration&&), std::__1::tuple<unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration>&&)::'lambda'(auto&&...), unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration>(__f=0x000000016fd15500, __args=0x000000016fd155b0, __args=0x000000016fd155b8) at invoke.h:340:25
    frame #8: 0x000000011e1395cc WebKit`decltype(auto) std::__1::__apply_tuple_impl[abi:sn170006]<void IPC::callMemberFunction<WebKit::MediaPlayerPrivateRemote, WebKit::MediaPlayerPrivateRemote, void (unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration&&), std::__1::tuple<unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration>>(WebKit::MediaPlayerPrivateRemote*, void (WebKit::MediaPlayerPrivateRemote::*)(unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration&&), std::__1::tuple<unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration>&&)::'lambda'(auto&&...), std::__1::tuple<unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration>, 0ul, 1ul>(__f=0x000000016fd15500, __t=size=2, (null)=__tuple_indices<0UL, 1UL> @ 0x000000016fd154bf) at tuple:1825:1
    frame #9: 0x000000011e13957c WebKit`decltype(auto) std::__1::apply[abi:sn170006]<void IPC::callMemberFunction<WebKit::MediaPlayerPrivateRemote, WebKit::MediaPlayerPrivateRemote, void (unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration&&), std::__1::tuple<unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration>>(WebKit::MediaPlayerPrivateRemote*, void (WebKit::MediaPlayerPrivateRemote::*)(unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration&&), std::__1::tuple<unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration>&&)::'lambda'(auto&&...), std::__1::tuple<unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration>>(__f=0x000000016fd15500, __t=size=2) at tuple:1834:1
    frame #10: 0x000000011e138c6c WebKit`void IPC::callMemberFunction<WebKit::MediaPlayerPrivateRemote, WebKit::MediaPlayerPrivateRemote, void (unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration&&), std::__1::tuple<unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration>>(object=0x00000001045b5e80, function=(actual=0x0000000120270910 WebKit`WebKit::MediaPlayerPrivateRemote::remoteAudioTrackConfigurationChanged(unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration&&) at MediaPlayerPrivateRemote.cpp:717), tuple=size=2) at HandleMessage.h:133:5
    frame #11: 0x000000011e129cac WebKit`void IPC::handleMessage<Messages::MediaPlayerPrivateRemote::RemoteAudioTrackConfigurationChanged, WebKit::MediaPlayerPrivateRemote, WebKit::MediaPlayerPrivateRemote, void (unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration&&)>(connection=0x000000010414def0, decoder=0x000000010436c360, object=0x00000001045b5e80, function=(actual=0x0000000120270910 WebKit`WebKit::MediaPlayerPrivateRemote::remoteAudioTrackConfigurationChanged(unsigned long long, WebKit::AudioTrackPrivateRemoteConfiguration&&) at MediaPlayerPrivateRemote.cpp:717)) at HandleMessage.h:235:9
    frame #12: 0x000000011e127f94 WebKit`WebKit::MediaPlayerPrivateRemote::didReceiveMessage(this=0x00000001045b5e80, connection=0x000000010414def0, decoder=0x000000010436c360) at MediaPlayerPrivateRemoteMessageReceiver.cpp:124:16
    frame #13: 0x00000001202fd6c0 WebKit`WebKit::RemoteMediaPlayerManager::didReceivePlayerMessage(this=0x0000000104020100, connection=0x000000010414def0, decoder=0x000000010436c360) at RemoteMediaPlayerManager.cpp:235:17
    frame #14: 0x0000000120079ed8 WebKit`WebKit::GPUProcessConnection::dispatchMessage(this=0x000000010415c300, connection=0x000000010414def0, decoder=0x000000010436c360) at GPUProcessConnection.cpp:227:60
    frame #15: 0x000000011ea3b600 WebKit`WebKit::GPUProcessConnection::didReceiveMessage(this=0x000000010415c300, connection=0x000000010414def0, decoder=0x000000010436c360) at GPUProcessConnectionMessageReceiver.cpp:70:9
    frame #16: 0x00000001213b68e4 WebKit`IPC::Connection::dispatchMessage(this=0x000000010414def0, decoder=0x000000010436c360) at Connection.cpp:1244:15
    frame #17: 0x00000001213b6d7c WebKit`IPC::Connection::dispatchMessage(this=0x000000010414def0, message=UniqueRef<IPC::Decoder> @ 0x000000016fd15fd0) at Connection.cpp:1292:9
    frame #18: 0x00000001213b70d0 WebKit`IPC::Connection::dispatchOneIncomingMessage(this=0x000000010414def0) at Connection.cpp:1357:5
    frame #19: 0x00000001213d4758 WebKit`IPC::Connection::enqueueIncomingMessage(WTF::UniqueRef<IPC::Decoder>)::$_14::operator()(this=0x00000001042ac208) const at Connection.cpp:1206:28
    frame #20: 0x00000001213d4698 WebKit`WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(WTF::UniqueRef<IPC::Decoder>)::$_14, void>::call(this=0x00000001042ac200) at Function.h:53:39
    frame #21: 0x000000013c4a88fc JavaScriptCore`WTF::Function<void ()>::operator()(this=0x000000016fd160c0) const at Function.h:82:35
    frame #22: 0x000000013a63d830 JavaScriptCore`WTF::RunLoop::performWork(this=0x0000000104018180) at RunLoop.cpp:147:9
    frame #23: 0x000000013a642154 JavaScriptCore`WTF::RunLoop::performWork(context=0x0000000104018180) at RunLoopCF.cpp:46:37
    frame #24: 0x0000000187909eb0 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
    frame #25: 0x0000000187909e44 CoreFoundation`__CFRunLoopDoSource0 + 176
    frame #26: 0x0000000187909bb4 CoreFoundation`__CFRunLoopDoSources0 + 244
    frame #27: 0x00000001879087a0 CoreFoundation`__CFRunLoopRun + 828
    frame #28: 0x0000000187907e0c CoreFoundation`CFRunLoopRunSpecific + 608
    frame #29: 0x0000000188a3b028 Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
    frame #30: 0x0000000188ab4224 Foundation`-[NSRunLoop(NSRunLoop) run] + 64
    frame #31: 0x0000000187543694 libxpc.dylib`_xpc_objc_main + 684
    frame #32: 0x0000000187552f80 libxpc.dylib`_xpc_main + 324
    frame #33: 0x0000000187543240 libxpc.dylib`xpc_main + 64
    frame #34: 0x000000011ec38dc4 WebKit`WebKit::XPCServiceMain((null)=1, (null)=0x000000016fd174d8) at XPCServiceMain.mm:256:5
    frame #35: 0x00000001213171b8 WebKit`WKXPCServiceMain(argc=1, argv=0x000000016fd174d8, (null)=0x0000000000000000, darwinEnvp=0x000000016fd17600) at WKMain.mm:42:12
    frame #36: 0x00000001000ebf9c com.apple.WebKit.WebContent.Development`main(argc=1, argv=0x000000016fd174d8, (null)=0x000000016fd174e8, darwinEnvp=0x000000016fd17600) at AuxiliaryProcessMain.cpp:32:12
    frame #37: 0x00000001874a20e0 dyld`start + 2360
```

The reason for this crash is that a TrackPrivate used to be used for a single Track at a time, the Track being a TrackPrivateClient and the MediaPlayerPrivateRemote a client of the `TrackPrivate`.

However, when MSE runs in a worker, the AudioTrackPrivate is used as backend for two AudioTracks: the one living in the main process and referenced by the HTMLMediaElement, and the AudioTrack in the worker referenced by SourceBuffer.

As a TrackPrivate can only have a single client at a time, the last one set wins; and in this particular case this is the SourceBuffer. Trying to dereference a WeakPtr created on the worker on the main thread will assert.

We should add support for multiple clients, and have a way to specify which thread the client should be called back on.
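The design the report asks for (several clients per backend, each called back on its own thread), sketched as an added C++ example; it is not WebKit code and not the landed fix. `Dispatcher`, `TrackClient`, `TrackBackend` and `demo` are hypothetical names, and `std::weak_ptr` plus a thread-id check stand in for `WTF::WeakPtr` and its debug assertion.

```cpp
#include <functional>
#include <memory>
#include <mutex>
#include <string>
#include <thread>
#include <vector>
// Added illustration, not WebKit code; every name below is hypothetical.
class Dispatcher { // serial task queue standing in for one thread's run loop
    std::mutex m_lock;
    std::vector<std::function<void()>> m_tasks;
public:
    void post(std::function<void()> task) { std::lock_guard<std::mutex> lock(m_lock); m_tasks.push_back(std::move(task)); }
    void drain() { // called only by the thread that owns this queue
        std::vector<std::function<void()>> tasks;
        { std::lock_guard<std::mutex> lock(m_lock); tasks.swap(m_tasks); }
        for (auto& task : tasks) task();
    }
};
struct TrackClient { // bound to its creating thread; foreign-thread calls are counted, not run
    std::thread::id owner = std::this_thread::get_id();
    std::vector<std::string> seen;
    int wrongThreadCalls = 0;
    void configurationChanged(const std::string& config) {
        if (std::this_thread::get_id() != owner) { ++wrongThreadCalls; return; }
        seen.push_back(config);
    }
};
class TrackBackend { // several clients, each paired with the queue of its own thread
    struct Entry { std::weak_ptr<TrackClient> client; Dispatcher* home; };
    std::vector<Entry> m_clients;
public:
    void addClient(std::weak_ptr<TrackClient> c, Dispatcher& home) { m_clients.push_back({ std::move(c), &home }); }
    void setConfiguration(const std::string& config) { // never calls a client directly
        for (auto& e : m_clients)
            e.home->post([weak = e.client, config] { if (auto c = weak.lock()) c->configurationChanged(config); });
    }
};
bool demo() { // the update arrives on a second thread; each client still runs on its own
    TrackBackend backend; Dispatcher callerQueue, otherQueue;
    std::shared_ptr<TrackClient> callerClient = std::make_shared<TrackClient>(), otherClient;
    backend.addClient(callerClient, callerQueue);
    std::thread([&] {
        backend.addClient(otherClient = std::make_shared<TrackClient>(), otherQueue);
        backend.setConfiguration("constructed-config"); // posts to both queues
        otherQueue.drain();
    }).join();
    callerQueue.drain();
    return callerClient->seen.size() == 1 && otherClient->seen.size() == 1;
}
```

Calling `configurationChanged` directly from a thread other than the client's own leaves `seen` untouched and increments `wrongThreadCalls`, which is the condition the sketch treats as the single-client, wrong-thread case from the report.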
Radar WebKit Bug Importer
Comment 1 2024-02-16 20:57:31 PST
Jean-Yves Avenard [:jya]
Comment 2 2024-02-17 08:45:12 PST
EWS
Comment 3 2024-02-18 15:43:45 PST
Committed 274956@main (de9e3d6bc488): <https://commits.webkit.org/274956@main> Reviewed commits have been landed. Closing PR #24686 and removing active labels.