Search Issue Tracker
Fixed
Fixed in 1.8.25
Votes
1
Found in [Package]
1.8.24
Issue ID
BUR-2885
Regression
Yes
Crash on burst.initialize when Armv9 Security Features are enabled using Pixel 8/9 (Android 15) devices in a specific project
Reproduction steps:
1. Open the attached “IN-111086“ project
2. Build and Run the Android Player
3. Observe the Player crash
Reproducible with: 1.8.22, 1.8.24 (2022.3.63f1), 1.8.24 (2022.3.64f1, 2022.3.65f1)
Not reproducible with: 1.8.21 (2022.3.63f1), 1.8.22 (6000.0.46f1), 1.8.24 (6000.0.55f1, 6000.1.15f1, 6000.2.0b13, 6000.3.0a4)
Reproducible environments: macOS 15.5
Not reproducible environments: No other environments tested
Reproducible with these devices:
VLNQA00641 - Google Pixel 9 (Pixel 9), CPU: -, GPU: Mali-G715, OS: 15
Reporter’s info - Google Pixel 8, OS: 15
Not reproducible with these devices:
VLNQA00460 - Google Pixel 6 (Pixel 6), CPU: Google Tensor (Whitechapel), GPU: Mali-G78, OS: 14
VLNQA00519 - Google Pixel 4 (Pixel 4), CPU: Snapdragon 855 SM8150, GPU: Adreno 640, OS: 12
Workarounds:
a) Uncheck the “Enable Armv9 Security Features” setting in Player Settings
b) Uncheck the “Enable Burst Compilation” setting in Burst AOT Settings
First lines of stack trace:
#00 pc 0000000000013aa0 (burst.initialize) (BuildId: aa6bdd9f82aa8984)
#01 pc 00000000003c9af8 (BurstCompilerService::LoadBurstLibrary(char const)+276) (BuildId: 02015bda5b93a81a)
#02 pc 00000000003ca67c (BurstCompilerService::AttemptLoadAdditionalBurstLibrary(core::basic_string<char, core::StringStorageDefault<char> >)+152) (BuildId: 02015bda5b93a81a)
#03 pc 00000000003ca3b0 (BurstCompilerService::DynamicResolve(ScriptingMethodPtr, void, int, void ()(void, int, void), void ()(void, BurstLogType, char const, char const, int), char const)+236) (BuildId: 02015bda5b93a81a)
#04 pc 00000000003c9370 (BurstCompilerService::CompileAsync(ScriptingMethodPtr, void, int, void ()(void, int, void), void ()(void, BurstLogType, char const, char const, int), char const)+120) (BuildId: 02015bda5b93a81a)
#05 pc 00000000003c92d8 (BurstCompilerService::CompileAsync(ScriptingObjectPtr, void, int, void ()(void, int, void), void ()(void, BurstLogType, char const, char const, int), char const)+276) (BuildId: 02015bda5b93a81a)
#06 pc 00000000003ca8e8 (CompileAsyncDelegateMethod(ScriptingObjectPtr, char const)+136) (BuildId: 02015bda5b93a81a)
#07 pc 0000000000359dc4 (BurstCompilerService_CUSTOM_CompileAsyncDelegateMethod(ScriptingBackendNativeObjectPtrOpaque, ScriptingBackendNativeStringPtrOpaque*)+212) (BuildId: 02015bda5b93a81a)
Comments (2)
-
Neonlyte
Aug 09, 2025 06:37
To add, disabling armv9 security features did nothing. to help. Disabling Burst obviously helped for me, but that defeats the purpose.
-
Neonlyte
Aug 09, 2025 06:23
I have the same issue with 6000.1.13f1 using both 1.8.23 and 1.8.24 with my project.
Add comment
All about bugs
View bugs we have successfully reproduced, and vote for the bugs you want to see fixed most urgently.
Latest issues
- Out-of-bounds memory access with multiple CanvasRenderers under a Canvas when using Mesh API
- Inspector tries to access file after it was deleted when the file was locked in Inspector window
- Changing Transform values in Search window Inspector loses focus while dragging and stopping mouse without releasing dragging action
- Saving changes on the dirty VFX Graph during the Play mode throws "The referenced script (Unknown) on this Behaviour is missing!" warnings
- VFX Graph Debug Info overlaps the "Initialize" block debug info by default
Resolution Note (fix version 1.8.25):
One of the security features enabled with "Enable ARMv9 Security Features" is Branch Target Identification (BTI). In short, BTI is a counter measure against return and jump oriented programming. The idea is that indirect jumps and calls must land on a special bti instruction.
However, due to a change in LLVM 19, Burst did not emit these bti landing pads as it should. We have fixed that now.