`internal-error` in `keystatuseschange` is not handled well

[Wenjie-Shao]

What version of Hls.js are you using?

1.5.7

What browser (including version) are you using?

Chrome 119.0.6045.199

What OS (including version) are you using?

Mac OS 13.6

Test stream

No response

Configuration

{
  "debug": true,
  "enableWorker": true,
  "lowLatencyMode": true,
  "backBufferLength": 90,
  "widevineLicenseUrl": "", /* I can not provide this for security reason */
  "emeEnabled": true
}

}

Additional player setup steps

Nothing

Checklist

• [X] The issue observed is not already reported by searching on Github under https://github.com/video-dev/hls.js/issues
• [X] The issue occurs in the stable client (latest release) on https://hlsjs.video-dev.org/demo and not just on my page
• [X] The issue occurs in the latest client (main branch) on https://hlsjs-dev.video-dev.org/demo and not just on my page
• [X] The stream has correct Access-Control-Allow-Origin headers (CORS)
• [X] There are no network errors such as 404s in the browser console when trying to play the stream

Steps to reproduce

The error could be reproduced in the demo page. But I can not provide a test stream for security reason. If you need one please email me wenjieshao@tubi.tv .

Expected behaviour

The DRM content that can not be played, should throw out an error.

What actually happened?

The content will stop without any error playing after several seconds. I filtered the output log by eme. You can see the key status changed from usable to internal-error. But the hls instance didn't throw out any error. It just waiting for new session, which is useless.

Console output

[log] > [eme] Access for key-system "com.widevine.alpha" obtained
eme-controller.ts:164 [log] > [eme] No Server Certificate in config.drmSystems["com.widevine.alpha"]
eme-controller.ts:281 [log] > [eme] Create media-keys for "com.widevine.alpha"
eme-controller.ts:285 [log] > [eme] Media-keys created for "com.widevine.alpha"
eme-controller.ts:429 [log] > [eme] Starting session for key (keyId: 2b4bc8ad4c9a4bc2afcbe86530b0b47b format: "urn:uuid:edef8ba9-79d6-4ace-a3c8-27dcd51d21ed" method: SAMPLE-AES-CTR uri: data:text/plain;base64,AAAAOHBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAABgSECtLyK1MmkvCr8voZTCwtHtI49yVmwY=)
eme-controller.ts:437 [log] > [eme] Handle encrypted media sn: 0 main: 0 using key (keyId: 2b4bc8ad4c9a4bc2afcbe86530b0b47b format: "urn:uuid:edef8ba9-79d6-4ace-a3c8-27dcd51d21ed" method: SAMPLE-AES-CTR uri: data:text/plain;base64,AAAAOHBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAABgSECtLyK1MmkvCr8voZTCwtHtI49yVmwY=)
eme-controller.ts:664 [log] > [eme] Setting media-keys for "com.widevine.alpha"
eme-controller.ts:677 [log] > [eme] Media-keys set for "com.widevine.alpha"
eme-controller.ts:319 [log] > [eme] Creating key-system session "com.widevine.alpha" keyId: 2b4bc8ad4c9a4bc2afcbe86530b0b47b
eme-controller.ts:724 [log] > [eme] Generating key-session request for "playlist-key": 2b4bc8ad4c9a4bc2afcbe86530b0b47b (init data type: cenc length: 56)
eme-controller.ts:824 [log] > [eme] Request generated for key-session "7BB0E49D60696D529D7A0DC1A15E02D1" keyId: 2b4bc8ad4c9a4bc2afcbe86530b0b47b
eme-controller.ts:739 [log] > [eme] "license-request" message event for session "7BB0E49D60696D529D7A0DC1A15E02D1" message size: 2
eme-controller.ts:1143 [log] > [eme] Sending license request to URL: https://license.adrise.tv/challenge?platform=amazon&type=widevine_psshv0&external_id=9C3927074EF56A58BB354D27E29BA2F6&drm_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhbmFsb2dfb3V0IjoiYWxsX2FuYWxvZ19wcm90ZWN0aW9ucyIsImV4cCI6MTcxNjEwMDUwMCwiaGRjcCI6InYxIiwicHJfc2VjdXJpdHlfbGV2ZWwiOjIwMDAsInd2X3NlY3VyaXR5X2xldmVsIjoyfQ.sFTIoT5gDc1Fiwf3SOOh_ak6jix1sTIGxeSITZ_4_jw
eme-controller.ts:1154 [log] > [eme] License received 702
eme-controller.ts:376 [log] > [eme] Updating key-session "7BB0E49D60696D529D7A0DC1A15E02D1" for keyID 2b4bc8ad4c9a4bc2afcbe86530b0b47b
      } (data length: 702)
eme-controller.ts:739 [log] > [eme] "license-request" message event for session "7BB0E49D60696D529D7A0DC1A15E02D1" message size: 3906
eme-controller.ts:1143 [log] > [eme] Sending license request to URL: https://license.adrise.tv/challenge?platform=amazon&type=widevine_psshv0&external_id=9C3927074EF56A58BB354D27E29BA2F6&drm_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhbmFsb2dfb3V0IjoiYWxsX2FuYWxvZ19wcm90ZWN0aW9ucyIsImV4cCI6MTcxNjEwMDUwMCwiaGRjcCI6InYxIiwicHJfc2VjdXJpdHlfbGV2ZWwiOjIwMDAsInd2X3NlY3VyaXR5X2xldmVsIjoyfQ.sFTIoT5gDc1Fiwf3SOOh_ak6jix1sTIGxeSITZ_4_jw
eme-controller.ts:1154 [log] > [eme] License received 556
eme-controller.ts:376 [log] > [eme] Updating key-session "7BB0E49D60696D529D7A0DC1A15E02D1" for keyID 2b4bc8ad4c9a4bc2afcbe86530b0b47b
      } (data length: 556)
eme-controller.ts:854 [log] > [eme] key status change "usable" for keyStatuses keyId: 2b4bc8ad4c9a4bc2afcbe86530b0b47b session keyId: 2b4bc8ad4c9a4bc2afcbe86530b0b47b uri: data:text/plain;base64,AAAAOHBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAABgSECtLyK1MmkvCr8voZTCwtHtI49yVmwY=
5eme-controller.ts:533 [debug] > [eme] "encrypted" event: init data type: "cenc"
eme-controller.ts:854 [log] > [eme] key status change "internal-error" for keyStatuses keyId: 2b4bc8ad4c9a4bc2afcbe86530b0b47b session keyId: 2b4bc8ad4c9a4bc2afcbe86530b0b47b uri: data:text/plain;base64,AAAAOHBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAABgSECtLyK1MmkvCr8voZTCwtHtI49yVmwY=
eme-controller.ts:655 [log] > [eme] "waitingforkey" event
75eme-controller.ts:429 [log] > [eme] Starting session for key (keyId: 2b4bc8ad4c9a4bc2afcbe86530b0b47b format: "urn:uuid:edef8ba9-79d6-4ace-a3c8-27dcd51d21ed" method: SAMPLE-AES-CTR uri: data:text/plain;base64,AAAAOHBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAABgSECtLyK1MmkvCr8voZTCwtHtI49yVmwY=)

### Chrome media internals output

_No response_

[robwalch]

In my testing the key-status changed to 'output-restricted' which results in HDCP level filtering (but not HDCP levels were specified). As all variants share the same key, none of them are playable. Adding an HDCP-LEVEL attribute to each variant would result in skipping attempts to load other levels with the same HDCP level or higher. The error should surface as fatal faster this way.

I can't speak to why you got a "internal-error" status. I saw a mention of this being related to the device not having the resources to the handle another key-system session. According to the spec this status is not actionable.:

https://www.w3.org/TR/encrypted-media/#dom-mediakeystatus-internal-error

internal-error | The key is not currently usable for decryption because of an error in
the CDM unrelated to the other values. This value is not actionable by the application.

We could treat it like output-restricted but it looks like this already should be escalated to fatal. You should be able to handle it yourself, and without handling it, hls.js is expected to stop on fatal errors:

https://github.com/video-dev/hls.js/blob/3e6987b7abe43661f20bad5a1174113f6dcdd74b/src/controller/eme-controller.ts#L791-L801

What do you think @Wenjie-Shao? What is your expectation for this state given that it is not an error hls.js can recover from?