Search Issue Tracker
Fixed
Fixed in 1.8.25
Votes
1
Found in [Package]
1.8.24
Issue ID
BUR-2885
Regression
Yes
Crash on burst.initialize when Armv9 Security Features are enabled using Pixel 8/9 (Android 15) devices in a specific project
Reproduction steps:
1. Open the attached “IN-111086“ project
2. Build and Run the Android Player
3. Observe the Player crash
Reproducible with: 1.8.22, 1.8.24 (2022.3.63f1), 1.8.24 (2022.3.64f1, 2022.3.65f1)
Not reproducible with: 1.8.21 (2022.3.63f1), 1.8.22 (6000.0.46f1), 1.8.24 (6000.0.55f1, 6000.1.15f1, 6000.2.0b13, 6000.3.0a4)
Reproducible environments: macOS 15.5
Not reproducible environments: No other environments tested
Reproducible with these devices:
VLNQA00641 - Google Pixel 9 (Pixel 9), CPU: -, GPU: Mali-G715, OS: 15
Reporter’s info - Google Pixel 8, OS: 15
Not reproducible with these devices:
VLNQA00460 - Google Pixel 6 (Pixel 6), CPU: Google Tensor (Whitechapel), GPU: Mali-G78, OS: 14
VLNQA00519 - Google Pixel 4 (Pixel 4), CPU: Snapdragon 855 SM8150, GPU: Adreno 640, OS: 12
Workarounds:
a) Uncheck the “Enable Armv9 Security Features” setting in Player Settings
b) Uncheck the “Enable Burst Compilation” setting in Burst AOT Settings
First lines of stack trace:
#00 pc 0000000000013aa0 (burst.initialize) (BuildId: aa6bdd9f82aa8984)
#01 pc 00000000003c9af8 (BurstCompilerService::LoadBurstLibrary(char const)+276) (BuildId: 02015bda5b93a81a)
#02 pc 00000000003ca67c (BurstCompilerService::AttemptLoadAdditionalBurstLibrary(core::basic_string<char, core::StringStorageDefault<char> >)+152) (BuildId: 02015bda5b93a81a)
#03 pc 00000000003ca3b0 (BurstCompilerService::DynamicResolve(ScriptingMethodPtr, void, int, void ()(void, int, void), void ()(void, BurstLogType, char const, char const, int), char const)+236) (BuildId: 02015bda5b93a81a)
#04 pc 00000000003c9370 (BurstCompilerService::CompileAsync(ScriptingMethodPtr, void, int, void ()(void, int, void), void ()(void, BurstLogType, char const, char const, int), char const)+120) (BuildId: 02015bda5b93a81a)
#05 pc 00000000003c92d8 (BurstCompilerService::CompileAsync(ScriptingObjectPtr, void, int, void ()(void, int, void), void ()(void, BurstLogType, char const, char const, int), char const)+276) (BuildId: 02015bda5b93a81a)
#06 pc 00000000003ca8e8 (CompileAsyncDelegateMethod(ScriptingObjectPtr, char const)+136) (BuildId: 02015bda5b93a81a)
#07 pc 0000000000359dc4 (BurstCompilerService_CUSTOM_CompileAsyncDelegateMethod(ScriptingBackendNativeObjectPtrOpaque, ScriptingBackendNativeStringPtrOpaque*)+212) (BuildId: 02015bda5b93a81a)
Comments (2)
-
Neonlyte
Aug 09, 2025 06:37
To add, disabling armv9 security features did nothing. to help. Disabling Burst obviously helped for me, but that defeats the purpose.
-
Neonlyte
Aug 09, 2025 06:23
I have the same issue with 6000.1.13f1 using both 1.8.23 and 1.8.24 with my project.
Add comment
All about bugs
View bugs we have successfully reproduced, and vote for the bugs you want to see fixed most urgently.
Latest issues
- Video does not play in macOS build when built app is placed in a path with a space in it on a specific project
- Crash on AuxWindowManager::OnGotFocus when trying to maximize a tab while Visual Effect Graph window is open
- “NullReferenceException: Object reference not set to an instance of an object” error is thrown when
- [Metal] Game freezes after command buffer Timeout error
- Addressables Report window UI is broken when opening via Build > New Build > Default Build Script
Resolution Note (fix version 1.8.25):
One of the security features enabled with "Enable ARMv9 Security Features" is Branch Target Identification (BTI). In short, BTI is a counter measure against return and jump oriented programming. The idea is that indirect jumps and calls must land on a special bti instruction.
However, due to a change in LLVM 19, Burst did not emit these bti landing pads as it should. We have fixed that now.