Search Issue Tracker
Fixed
Fixed in 1.8.25
Votes
1
Found in [Package]
1.8.24
Issue ID
BUR-2885
Regression
Yes
Crash on burst.initialize when Armv9 Security Features are enabled using Pixel 8/9 (Android 15) devices in a specific project
Reproduction steps:
1. Open the attached “IN-111086“ project
2. Build and Run the Android Player
3. Observe the Player crash
Reproducible with: 1.8.22, 1.8.24 (2022.3.63f1), 1.8.24 (2022.3.64f1, 2022.3.65f1)
Not reproducible with: 1.8.21 (2022.3.63f1), 1.8.22 (6000.0.46f1), 1.8.24 (6000.0.55f1, 6000.1.15f1, 6000.2.0b13, 6000.3.0a4)
Reproducible environments: macOS 15.5
Not reproducible environments: No other environments tested
Reproducible with these devices:
VLNQA00641 - Google Pixel 9 (Pixel 9), CPU: -, GPU: Mali-G715, OS: 15
Reporter’s info - Google Pixel 8, OS: 15
Not reproducible with these devices:
VLNQA00460 - Google Pixel 6 (Pixel 6), CPU: Google Tensor (Whitechapel), GPU: Mali-G78, OS: 14
VLNQA00519 - Google Pixel 4 (Pixel 4), CPU: Snapdragon 855 SM8150, GPU: Adreno 640, OS: 12
Workarounds:
a) Uncheck the “Enable Armv9 Security Features” setting in Player Settings
b) Uncheck the “Enable Burst Compilation” setting in Burst AOT Settings
First lines of stack trace:
#00 pc 0000000000013aa0 (burst.initialize) (BuildId: aa6bdd9f82aa8984)
#01 pc 00000000003c9af8 (BurstCompilerService::LoadBurstLibrary(char const)+276) (BuildId: 02015bda5b93a81a)
#02 pc 00000000003ca67c (BurstCompilerService::AttemptLoadAdditionalBurstLibrary(core::basic_string<char, core::StringStorageDefault<char> >)+152) (BuildId: 02015bda5b93a81a)
#03 pc 00000000003ca3b0 (BurstCompilerService::DynamicResolve(ScriptingMethodPtr, void, int, void ()(void, int, void), void ()(void, BurstLogType, char const, char const, int), char const)+236) (BuildId: 02015bda5b93a81a)
#04 pc 00000000003c9370 (BurstCompilerService::CompileAsync(ScriptingMethodPtr, void, int, void ()(void, int, void), void ()(void, BurstLogType, char const, char const, int), char const)+120) (BuildId: 02015bda5b93a81a)
#05 pc 00000000003c92d8 (BurstCompilerService::CompileAsync(ScriptingObjectPtr, void, int, void ()(void, int, void), void ()(void, BurstLogType, char const, char const, int), char const)+276) (BuildId: 02015bda5b93a81a)
#06 pc 00000000003ca8e8 (CompileAsyncDelegateMethod(ScriptingObjectPtr, char const)+136) (BuildId: 02015bda5b93a81a)
#07 pc 0000000000359dc4 (BurstCompilerService_CUSTOM_CompileAsyncDelegateMethod(ScriptingBackendNativeObjectPtrOpaque, ScriptingBackendNativeStringPtrOpaque*)+212) (BuildId: 02015bda5b93a81a)
Comments (2)
-
Neonlyte
Aug 09, 2025 06:37
To add, disabling armv9 security features did nothing. to help. Disabling Burst obviously helped for me, but that defeats the purpose.
-
Neonlyte
Aug 09, 2025 06:23
I have the same issue with 6000.1.13f1 using both 1.8.23 and 1.8.24 with my project.
Add comment
All about bugs
View bugs we have successfully reproduced, and vote for the bugs you want to see fixed most urgently.
Latest issues
- “Remove Unused Overrides” available on not loaded Scene and throws “ArgumentException: The scene is not loaded” warning
- Adaptive Probe Volume occlusion edge is calculated incorrectly when viewing probes near geometry edges
- Sampling a texture using an HLSL file throws shader errors and the code does not compile
- "Graphics.CopyTexture called with null source texture" error when Base Camera of an Overlay Camera is removed with DX11 Graphics API and Compatibility Mode enabled
- WebGL sends wrong value with large numbers when SendMessage function is used
Resolution Note (fix version 1.8.25):
One of the security features enabled with "Enable ARMv9 Security Features" is Branch Target Identification (BTI). In short, BTI is a counter measure against return and jump oriented programming. The idea is that indirect jumps and calls must land on a special bti instruction.
However, due to a change in LLVM 19, Burst did not emit these bti landing pads as it should. We have fixed that now.