------------------------------------- Translated Report (Full Report Below) ------------------------------------- Incident Identifier: 76EC8391-9A48-44D9-8FFB-AF1CE5553209 CrashReporter Key: 9aa09fbaf03597169a066ac3afb13bb7f0f7e4d5 Hardware Model: iPhone17,1 Process: bluetoothd [96] Path: /usr/sbin/bluetoothd Identifier: bluetoothd Version: ??? Code Type: ARM-64 (Native) Role: Unspecified Parent Process: launchd [1] Coalition: com.apple.bluetoothd [131] Date/Time: 2025-01-17 08:09:58.6074 -0500 Launch Time: 2025-01-11 19:56:26.6427 -0500 OS Version: iPhone OS 18.2.1 (22C161) Release Type: User Baseband Version: 1.21.05 Report Version: 104 Exception Type: EXC_BAD_ACCESS (SIGKILL) Exception Subtype: KERN_INVALID_ADDRESS at 0x003d800000182159 -> 0x0000000000182159 (possible pointer authentication failure) Exception Codes: 0x0000000000000001, 0x003d800000182159 VM Region Info: 0x182159 is not in any region. Bytes before following region: 4366065319 REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL UNUSED SPACE AT START ---> __TEXT 104550000-104ee4000 [ 9808K] r-x/r-x SM=COW /usr/sbin/bluetoothd Termination Reason: PAC_EXCEPTION 1 Triggered by Thread: 9 Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0: 0 libsystem_kernel.dylib 0x1eb406788 mach_msg2_trap + 8 1 libsystem_kernel.dylib 0x1eb409e98 mach_msg2_internal + 80 2 libsystem_kernel.dylib 0x1eb409db0 mach_msg_overwrite + 424 3 libsystem_kernel.dylib 0x1eb409bfc mach_msg + 24 4 CoreFoundation 0x199e1e7f4 __CFRunLoopServiceMachPort + 160 5 CoreFoundation 0x199e1dea0 __CFRunLoopRun + 1212 6 CoreFoundation 0x199e70274 CFRunLoopRunSpecific + 588 7 CoreFoundation 0x199e83814 CFRunLoopRun + 64 8 bluetoothd 0x1045d12b0 0x104550000 + 529072 9 dyld 0x1c0044de8 start + 2724 Thread 1 name: StackLoop Thread 1: 0 libsystem_kernel.dylib 0x1eb40c090 __psynch_cvwait + 8 1 libsystem_pthread.dylib 0x224a17fc4 _pthread_cond_wait + 1248 2 bluetoothd 0x10455b43c 0x104550000 + 46140 3 libsystem_pthread.dylib 0x224a157d0 _pthread_start + 136 4 libsystem_pthread.dylib 0x224a15480 thread_start + 8 Thread 2 name: hci_rx Thread 2: 0 libsystem_kernel.dylib 0x1eb40d4cc kevent + 8 1 bluetoothd 0x10457322c 0x104550000 + 143916 2 libsystem_pthread.dylib 0x224a157d0 _pthread_start + 136 3 libsystem_pthread.dylib 0x224a15480 thread_start + 8 Thread 3 name: acl_rx Thread 3: 0 libsystem_kernel.dylib 0x1eb40d4cc kevent + 8 1 bluetoothd 0x10457322c 0x104550000 + 143916 2 libsystem_pthread.dylib 0x224a157d0 _pthread_start + 136 3 libsystem_pthread.dylib 0x224a15480 thread_start + 8 Thread 4 name: sco_rx Thread 4: 0 libsystem_kernel.dylib 0x1eb40d4cc kevent + 8 1 bluetoothd 0x104573100 0x104550000 + 143616 2 libsystem_pthread.dylib 0x224a157d0 _pthread_start + 136 3 libsystem_pthread.dylib 0x224a15480 thread_start + 8 Thread 5 name: TxLoop Thread 5: 0 libsystem_kernel.dylib 0x1eb40c090 __psynch_cvwait + 8 1 libsystem_pthread.dylib 0x224a17f98 _pthread_cond_wait + 1204 2 bluetoothd 0x1046535f8 0x104550000 + 1062392 3 bluetoothd 0x104745874 0x104550000 + 2054260 4 libsystem_pthread.dylib 0x224a157d0 _pthread_start + 136 5 libsystem_pthread.dylib 0x224a15480 thread_start + 8 Thread 6 name: AudioSkywalkPipeReadLoop Thread 6: 0 libsystem_kernel.dylib 0x1eb40d4cc kevent + 8 1 bluetoothd 0x104a59f3c 0x104550000 + 5283644 2 libsystem_pthread.dylib 0x224a157d0 _pthread_start + 136 3 libsystem_pthread.dylib 0x224a15480 thread_start + 8 Thread 7: 0 libsystem_pthread.dylib 0x224a1546c start_wqthread + 0 Thread 8 name: Dispatch queue: com.apple.bluetooth.root Thread 8: 0 bluetoothd 0x10479d230 0x104550000 + 2413104 1 bluetoothd 0x104a4a148 0x104550000 + 5218632 2 bluetoothd 0x104a3974c 0x104550000 + 5150540 3 bluetoothd 0x104a31cb0 0x104550000 + 5119152 4 bluetoothd 0x104a31a14 0x104550000 + 5118484 5 bluetoothd 0x104a09ab0 0x104550000 + 4954800 6 libdispatch.dylib 0x1a1b5a248 _dispatch_call_block_and_release + 32 7 libdispatch.dylib 0x1a1b5bfa8 _dispatch_client_callout + 20 8 libdispatch.dylib 0x1a1b635cc _dispatch_lane_serial_drain + 768 9 libdispatch.dylib 0x1a1b64158 _dispatch_lane_invoke + 432 10 libdispatch.dylib 0x1a1b6f38c _dispatch_root_queue_drain_deferred_wlh + 288 11 libdispatch.dylib 0x1a1b6ebd8 _dispatch_workloop_worker_thread + 540 12 libsystem_pthread.dylib 0x224a17680 _pthread_wqthread + 288 13 libsystem_pthread.dylib 0x224a15474 start_wqthread + 8 Thread 9 name: Dispatch queue: com.apple.bluetooth.coreBluetooth Thread 9 Crashed: 0 bluetoothd 0x104581618 0x104550000 + 202264 1 bluetoothd 0x1045815ac 0x104550000 + 202156 2 bluetoothd 0x104a4d470 0x104550000 + 5231728 3 bluetoothd 0x104bdb670 0x104550000 + 6862448 4 bluetoothd 0x104bdc038 0x104550000 + 6864952 5 bluetoothd 0x104bdfbc4 0x104550000 + 6880196 6 bluetoothd 0x104bf21b4 0x104550000 + 6955444 7 libdispatch.dylib 0x1a1b5a248 _dispatch_call_block_and_release + 32 8 libdispatch.dylib 0x1a1b5bfa8 _dispatch_client_callout + 20 9 libdispatch.dylib 0x1a1b635cc _dispatch_lane_serial_drain + 768 10 libdispatch.dylib 0x1a1b64158 _dispatch_lane_invoke + 432 11 libdispatch.dylib 0x1a1b6f38c _dispatch_root_queue_drain_deferred_wlh + 288 12 libdispatch.dylib 0x1a1b6ebd8 _dispatch_workloop_worker_thread + 540 13 libsystem_pthread.dylib 0x224a17680 _pthread_wqthread + 288 14 libsystem_pthread.dylib 0x224a15474 start_wqthread + 8 Thread 10 name: Dispatch queue: com.apple.locationd-76 Thread 10: 0 libsystem_kernel.dylib 0x1eb4064e4 kevent_id + 8 1 libdispatch.dylib 0x1a1b7eb40 _dispatch_kq_poll + 228 2 libdispatch.dylib 0x1a1b7f54c _dispatch_event_loop_wait_for_ownership + 436 3 libdispatch.dylib 0x1a1b6bacc __DISPATCH_WAIT_FOR_QUEUE__ + 340 4 libdispatch.dylib 0x1a1b6b694 _dispatch_sync_f_slow + 148 5 bluetoothd 0x104569840 0x104550000 + 104512 6 bluetoothd 0x104ae2570 0x104550000 + 5842288 7 bluetoothd 0x1045663d8 0x104550000 + 91096 8 bluetoothd 0x104566078 0x104550000 + 90232 9 libxpc.dylib 0x224a70b10 _xpc_connection_call_event_handler + 144 10 libxpc.dylib 0x224a7268c _xpc_connection_mach_event + 1140 11 libdispatch.dylib 0x1a1b5c068 _dispatch_client_callout4 + 20 12 libdispatch.dylib 0x1a1b78424 _dispatch_mach_msg_invoke + 464 13 libdispatch.dylib 0x1a1b6342c _dispatch_lane_serial_drain + 352 14 libdispatch.dylib 0x1a1b79178 _dispatch_mach_invoke + 456 15 libdispatch.dylib 0x1a1b6342c _dispatch_lane_serial_drain + 352 16 libdispatch.dylib 0x1a1b64158 _dispatch_lane_invoke + 432 17 libdispatch.dylib 0x1a1b655c0 _dispatch_workloop_invoke + 1744 18 libdispatch.dylib 0x1a1b6f38c _dispatch_root_queue_drain_deferred_wlh + 288 19 libdispatch.dylib 0x1a1b6ebd8 _dispatch_workloop_worker_thread + 540 20 libsystem_pthread.dylib 0x224a17680 _pthread_wqthread + 288 21 libsystem_pthread.dylib 0x224a15474 start_wqthread + 8 Thread 11: 0 libsystem_pthread.dylib 0x224a1546c start_wqthread + 0 Thread 12 name: AudioSession - RootQueue Thread 12: 0 libsystem_kernel.dylib 0x1eb40671c semaphore_timedwait_trap + 8 1 libdispatch.dylib 0x1a1b5c5c0 _dispatch_sema4_timedwait + 64 2 libdispatch.dylib 0x1a1b5cbc0 _dispatch_semaphore_wait_slow + 76 3 libdispatch.dylib 0x1a1b6dc94 _dispatch_worker_thread + 324 4 libsystem_pthread.dylib 0x224a157d0 _pthread_start + 136 5 libsystem_pthread.dylib 0x224a15480 thread_start + 8 Thread 13 name: Dispatch queue: com.apple.bluetooth.ClassicScan Thread 13: 0 libsystem_kernel.dylib 0x1eb40c2b0 __semwait_signal + 8 1 libsystem_c.dylib 0x1a1bb65cc nanosleep + 220 2 libsystem_c.dylib 0x1a1bb64e4 usleep + 68 3 bluetoothd 0x104a3fc44 0x104550000 + 5176388 4 bluetoothd 0x104a003f4 0x104550000 + 4916212 5 libdispatch.dylib 0x1a1b5bfa8 _dispatch_client_callout + 20 6 libdispatch.dylib 0x1a1b635cc _dispatch_lane_serial_drain + 768 7 libdispatch.dylib 0x1a1b64158 _dispatch_lane_invoke + 432 8 libdispatch.dylib 0x1a1b6f38c _dispatch_root_queue_drain_deferred_wlh + 288 9 libdispatch.dylib 0x1a1b6ebd8 _dispatch_workloop_worker_thread + 540 10 libsystem_pthread.dylib 0x224a17680 _pthread_wqthread + 288 11 libsystem_pthread.dylib 0x224a15474 start_wqthread + 8 Thread 14 name: Dispatch queue: CBDaemon Thread 14: 0 libsystem_kernel.dylib 0x1eb40cb78 __psynch_mutexwait + 8 1 libsystem_pthread.dylib 0x224a188a0 _pthread_mutex_firstfit_lock_wait + 84 2 libsystem_pthread.dylib 0x224a18250 _pthread_mutex_firstfit_lock_slow + 220 3 bluetoothd 0x10458af74 0x104550000 + 241524 4 bluetoothd 0x10458af48 0x104550000 + 241480 5 bluetoothd 0x10458aef0 0x104550000 + 241392 6 bluetoothd 0x10459038c 0x104550000 + 263052 7 bluetoothd 0x1045af878 0x104550000 + 391288 8 bluetoothd 0x1045af29c 0x104550000 + 389788 9 libdispatch.dylib 0x1a1b5a248 _dispatch_call_block_and_release + 32 10 libdispatch.dylib 0x1a1b5bfa8 _dispatch_client_callout + 20 11 libdispatch.dylib 0x1a1b635cc _dispatch_lane_serial_drain + 768 12 libdispatch.dylib 0x1a1b64158 _dispatch_lane_invoke + 432 13 libdispatch.dylib 0x1a1b6f38c _dispatch_root_queue_drain_deferred_wlh + 288 14 libdispatch.dylib 0x1a1b6ebd8 _dispatch_workloop_worker_thread + 540 15 libsystem_pthread.dylib 0x224a17680 _pthread_wqthread + 288 16 libsystem_pthread.dylib 0x224a15474 start_wqthread + 8 Thread 9 crashed with ARM Thread State (64-bit): x0: 0x00000001053b0cd8 x1: 0x003d800000182142 x2: 0x000000016b935c90 x3: 0x0000000000000000 x4: 0x0000000a10c7aaa4 x5: 0x0000000a1019c4f4 x6: 0x0000000000000044 x7: 0x00618000006bb171 x8: 0x0000000000000080 x9: 0x00000000ffffff80 x10: 0x0000000a1019c4e0 x11: 0x0000000000000024 x12: 0x0000000000000000 x13: 0x0000000000000000 x14: 0x0000000000000000 x15: 0x0000000000000000 x16: 0x665f800224969650 x17: 0x0000000104ee55c8 x18: 0x0000000000000000 x19: 0x000000016b935c90 x20: 0x0000000a10c5dd60 x21: 0x00000001053b0cd8 x22: 0x00000001053b0cd0 x23: 0x003d800000182122 x24: 0x00000001053b0cd0 x25: 0x000000016b935c28 x26: 0x0000000000000400 x27: 0x0000000a10cb3058 x28: 0x0000000a10fb9540 fp: 0x000000016b935b80 lr: 0x627a8001045815ac sp: 0x000000016b935b70 pc: 0x0000000104581618 cpsr: 0x20000000 far: 0x003d800000182159 esr: 0x92000004 (Data Abort) byte read Translation fault Binary Images: 0x104550000 - 0x104ee3fff bluetoothd arm64e <55d75cb2d5c832f581ff9392d1e7ef28> /usr/sbin/bluetoothd 0x1051d8000 - 0x1051dbfff FastpathLib arm64e <50caf55faa7637dbaec22557871a3167> /System/Library/Extensions/AppleSPU.kext/PlugIns/FastpathLib.plugin/FastpathLib 0x10520c000 - 0x105217fff libobjc-trampolines.dylib arm64e /private/preboot/Cryptexes/OS/usr/lib/libobjc-trampolines.dylib 0x1eb405000 - 0x1eb43efe3 libsystem_kernel.dylib arm64e /usr/lib/system/libsystem_kernel.dylib 0x199da8000 - 0x19a2ebfff CoreFoundation arm64e <6a60be13e6573beca9acba239ae29862> /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation 0x1c0015000 - 0x1c009813f dyld arm64e <4eb7459fe23738ce82403f3e2e1ce5ab> /usr/lib/dyld 0x0 - 0xffffffffffffffff ??? unknown-arch <00000000000000000000000000000000> ??? 0x1a1b9e000 - 0x1a1c1dffb libsystem_c.dylib arm64e <8d425c7257c93e54a1e1e243cbdfc446> /usr/lib/system/libsystem_c.dylib 0x224a14000 - 0x224a20ff3 libsystem_pthread.dylib arm64e /usr/lib/system/libsystem_pthread.dylib 0x1a1b58000 - 0x1a1b9dfff libdispatch.dylib arm64e <8ce3afb96d8434468fd4e5f798d98403> /usr/lib/system/libdispatch.dylib 0x224a5f000 - 0x224aa6fff libxpc.dylib arm64e /usr/lib/system/libxpc.dylib EOF ----------- Full Report -----------