Finding Lel0_synchronous_vector_64_long:

• Find string xref "\"cpu_data_alloc() failed\n\"" (in _ml_processor_register)
• Next instructions should be mov x19, 0; mov x0, x19; bl _cpu_data_init;. The mov x0, x19 is also branched to after bzero call just to be sure.
• Go to _cpu_data_init. It'd initialize a lot of structure feilds to constants, and two of them would be set to ptrs. Right before the end, _exc_vectors_table would be referenced (after memset zeroing).
• _exc_vectors_table is an array of 12 function ptrs. Lel0_synchronous_vector_64_long is 9th (if counting starts at 1).

To verify:

• It should theoretically end with 25c (at least on devices without KTRR) due to how exception handlers are aligned
• Compare to Lel0_synchronous_vector_64_long in xnu sources.
• In the end it loads fleh_synchronous into x1 and branches to fleh_dispatch64. fleh_dispatch64 calls _sleh_synchronous. _sleh_synchronous references a lot of stuff, but one of the first string references is \"ESR (0x%x) for instruction trapped from U32, but saved state is 64-bit.\".