Search Issue Tracker
Fixed
Fixed in 1.8.25
Votes
1
Found in [Package]
1.8.24
Issue ID
BUR-2885
Regression
Yes
Crash on burst.initialize when Armv9 Security Features are enabled using Pixel 8/9 (Android 15) devices in a specific project
Reproduction steps:
1. Open the attached “IN-111086“ project
2. Build and Run the Android Player
3. Observe the Player crash
Reproducible with: 1.8.22, 1.8.24 (2022.3.63f1), 1.8.24 (2022.3.64f1, 2022.3.65f1)
Not reproducible with: 1.8.21 (2022.3.63f1), 1.8.22 (6000.0.46f1), 1.8.24 (6000.0.55f1, 6000.1.15f1, 6000.2.0b13, 6000.3.0a4)
Reproducible environments: macOS 15.5
Not reproducible environments: No other environments tested
Reproducible with these devices:
VLNQA00641 - Google Pixel 9 (Pixel 9), CPU: -, GPU: Mali-G715, OS: 15
Reporter’s info - Google Pixel 8, OS: 15
Not reproducible with these devices:
VLNQA00460 - Google Pixel 6 (Pixel 6), CPU: Google Tensor (Whitechapel), GPU: Mali-G78, OS: 14
VLNQA00519 - Google Pixel 4 (Pixel 4), CPU: Snapdragon 855 SM8150, GPU: Adreno 640, OS: 12
Workarounds:
a) Uncheck the “Enable Armv9 Security Features” setting in Player Settings
b) Uncheck the “Enable Burst Compilation” setting in Burst AOT Settings
First lines of stack trace:
#00 pc 0000000000013aa0 (burst.initialize) (BuildId: aa6bdd9f82aa8984)
#01 pc 00000000003c9af8 (BurstCompilerService::LoadBurstLibrary(char const*)+276) (BuildId: 02015bda5b93a81a)
#02 pc 00000000003ca67c (BurstCompilerService::AttemptLoadAdditionalBurstLibrary(core::basic_string<char, core::StringStorageDefault<char> >)+152) (BuildId: 02015bda5b93a81a)
#03 pc 00000000003ca3b0 (BurstCompilerService::DynamicResolve(ScriptingMethodPtr, void*, int, void ()(void, int, void*), void ()(void, BurstLogType, char const*, char const*, int), char const*)+236) (BuildId: 02015bda5b93a81a)
#04 pc 00000000003c9370 (BurstCompilerService::CompileAsync(ScriptingMethodPtr, void*, int, void ()(void, int, void*), void ()(void, BurstLogType, char const*, char const*, int), char const*)+120) (BuildId: 02015bda5b93a81a)
#05 pc 00000000003c92d8 (BurstCompilerService::CompileAsync(ScriptingObjectPtr, void*, int, void ()(void, int, void*), void ()(void, BurstLogType, char const*, char const*, int), char const*)+276) (BuildId: 02015bda5b93a81a)
#06 pc 00000000003ca8e8 (CompileAsyncDelegateMethod(ScriptingObjectPtr, char const*)+136) (BuildId: 02015bda5b93a81a)
#07 pc 0000000000359dc4 (BurstCompilerService_CUSTOM_CompileAsyncDelegateMethod(ScriptingBackendNativeObjectPtrOpaque*, ScriptingBackendNativeStringPtrOpaque*)+212) (BuildId: 02015bda5b93a81a)
Comments (2)
-
Neonlyte
Aug 09, 2025 06:37
To add, disabling armv9 security features did nothing. to help. Disabling Burst obviously helped for me, but that defeats the purpose.
-
Neonlyte
Aug 09, 2025 06:23
I have the same issue with 6000.1.13f1 using both 1.8.23 and 1.8.24 with my project.
Add comment
All about bugs
View bugs we have successfully reproduced, and vote for the bugs you want to see fixed most urgently.
Latest issues
- Opening Terrain Prefab in Prefab Editing Mode throws "NullReferenceException" error
- [Search] Dragging query pills put them behind the search text field
- A CustomPropertyDrawer that returns a PropertyField for a property named the same as a child field will not render all child fields
- Graphics Settings shows default values instead of the real values in the Rendering Debugger when Volume.profile is assigned via script
- Deleting multiple Tags throws “NullReferenceException”, and "Retrieving array element that was out of bounds" errors when holding the Enter key
Resolution Note (fix version 1.8.25):
One of the security features enabled with "Enable ARMv9 Security Features" is Branch Target Identification (BTI). In short, BTI is a counter measure against return and jump oriented programming. The idea is that indirect jumps and calls must land on a special bti instruction.
However, due to a change in LLVM 19, Burst did not emit these bti landing pads as it should. We have fixed that now.