topjohnwu / Magisk

The Magic Mask for Android
GNU General Public License v3.0

Samsung Note 4 N910H, Magisk v25.2, stuck on the Magisk logo #6257

Closed Unknown78 closed 1 year ago

Unknown78 commented 2 years ago

Device: Samsung Galaxy Note 4 N910H
Android version: Stock ROM Marshmallow 6.0.1 tre3gxx
Magisk version name: https://github.com/topjohnwu/Magisk/commit/6066b5cf86703512451a021cf1aaf1a877530af7

My steps:

  1. Install the .apk file
  2. Open the app

Screenshot_2022-09-10-12-17-40

At first, I thought perhaps there's some kind of bug that prevents me from patching the boot image with Magisk directly from system. So I decided to uninstall the Magisk app, flash it in TWRP, reboot to system, and then install Magisk .apk manually via file manager.

But the Magisk app is still stuck on the logo. How do I fix it?


[UPDATE]

After installing it with TWRP, (Recovery Key Combo) → (Splash screen) → (Release all buttons) → (System with Magisk) allows me to have superuser permission. There's no Magisk app installed, so I need to rename it back from .zip to .apk and then install it manually. In case anyone wonders, the proper way for me is to just flash the magisk.apk with TWRP and reboot to system, then install the .apk manually. No need to rename .apk to .zip for the stable version. For the debug version, TWRP doesn't seem to detect it, so you need to make a copy of it and rename it to .zip. In the end, you have the same Magisk installation with two file extensions: 1) .zip for flashing in TWRP to patch the boot partition and 2) .apk for manual installation via file manager.

Further tips for clean reinstallation of Magisk:

canyie commented 2 years ago

canyie/Magisk#5 Does the debug build apk work? Here is the link: https://github.com/topjohnwu/magisk-files/blob/canary/app-debug.apk?raw=true

Unknown78 commented 2 years ago

Screenshot_2022-09-10-13-26-52

It works!!!! Thank you so much @canyie


So what went wrong? What's the actual bug?

canyie commented 2 years ago

I need a log to find out why.

  1. Install ADB on your PC. Turn on "USB debugging" in developer settings.
  2. Connect your phone to your PC. Allow USB debugging if your phone asks for it.
  3. Open cmd, type "adb logcat -c" and enter.
  4. Type "adb logcat > app.log"
  5. Install release-build app, open it, it should get stuck at the Magisk logo
  6. Wait one minute, press "Ctrl + C" in the cmd window, and upload app.log

Unknown78 commented 2 years ago

Ok, here it is: app.log

canyie commented 2 years ago

09-10 14:08:17.056 15971 15971 E Zygote  : v2
09-10 14:08:17.056 15971 15971 I libpersona: KNOX_SDCARD checking this for 10243
09-10 14:08:17.056 15971 15971 I libpersona: KNOX_SDCARD not a persona
09-10 14:08:17.056 15971 15971 W SELinux : Function: selinux_compare_spd_ram, index[1], priority [2], priority version is VE=SEPF_SECMOBILE_6.0.1_0029
09-10 14:08:17.056  3837  5218 I ActivityManager: Start proc 15971:com.topjohnwu.magisk/u0a243 for activity com.topjohnwu.magisk/.ui.MainActivity
09-10 14:08:17.056 15971 15971 E Zygote  : accessInfo : 0
09-10 14:08:17.056 15971 15971 W SELinux : SELinux: seapp_context_lookup: seinfo=default, level=s0:c512,c768, pkgname=com.topjohnwu.magisk
09-10 14:08:17.086 15971 15971 D TimaKeyStoreProvider: TimaSignature is unavailable
09-10 14:08:17.086 15971 15971 D ActivityThread: Added TimaKeyStore provider
09-10 14:08:17.316 15971 15971 I AppCompatDelegate: The Activity's LayoutInflater already has a Factory installed so we can not install AppCompat's
09-10 14:08:17.331 15971 15971 D ConnectivityManager: requestNetwork; getAppId(CallingUid) : 10243, CallingPid : 15971
09-10 14:08:17.336  3837  6045 D ConnectivityService: listenForNetwork for Listen from uid/pid:10243/15971 for NetworkRequest [ id=23, legacyType=-1, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN] ]
09-10 14:08:17.386 15971 15971 D SecWifiDisplayUtil: Metadata value : none
09-10 14:08:17.386 15971 15971 D ViewRootImpl: #1 mView = com.android.internal.policy.PhoneWindow$DecorView{ad27528 I.E...... R.....ID 0,0-0,0}
09-10 14:08:17.391 15971 16034 D OpenGLRenderer: Use EGL_SWAP_BEHAVIOR_PRESERVED: true
09-10 14:08:17.461  3837  3863 D InputDispatcher: Focus entered window: 15971
09-10 14:08:17.486 15971 16034 D libEGL  : eglInitialize EGLDisplay = 0xa98717c4
09-10 14:08:17.486 15971 16034 I OpenGLRenderer: Initialized EGL, version 1.4
09-10 14:08:17.491 15971 16034 D mali_winsys: new_window_surface returns 0x3000,  [1440x2560]-format:1
09-10 14:08:17.491 15971 15971 D ViewRootImpl: MSG_RESIZED_REPORT: ci=Rect(0, 96 - 0, 0) vi=Rect(0, 96 - 0, 0) or=1
09-10 14:08:17.726 15971 16110 W System.err: remove failed: ENOENT (No such file or directory) : /data/user/0/com.topjohnwu.magisk/shared_prefs/com.topjohnwu.magisk_preferences.xml.bak
09-10 14:08:17.781 15971 16017 W ResourceType: ResTable_typeSpec entry count inconsistent: given 75, previously 77
09-10 14:08:17.781 15971 16017 W ResourceType: ResTable_typeSpec entry count inconsistent: given 3112, previously 3133
09-10 14:08:17.781 15971 16017 W ResourceType: ResTable_typeSpec entry count inconsistent: given 507, previously 4183
09-10 14:08:17.906 15971 16017 V NativeCrypto: Registering com/google/android/gms/org/conscrypt/NativeCrypto's 295 native methods...
09-10 14:08:17.961 15971 16017 I art     : Rejecting re-init on previously-failed class java.lang.Class<com.google.android.gms.org.conscrypt.Java7ExtendedSSLSession>
09-10 14:08:17.961 15971 16017 I art     : Rejecting re-init on previously-failed class java.lang.Class<com.google.android.gms.org.conscrypt.Java7ExtendedSSLSession>
09-10 14:08:17.966 15971 16017 I art     : Rejecting re-init on previously-failed class java.lang.Class<com.google.android.gms.org.conscrypt.Java8ExtendedSSLSession>
09-10 14:08:17.966 15971 16017 I art     : Rejecting re-init on previously-failed class java.lang.Class<com.google.android.gms.org.conscrypt.Java8ExtendedSSLSession>
09-10 14:08:17.996 15971 16017 I ProviderInstaller: Installed default security provider GmsCore_OpenSSL

Does it get stuck on the logo? Found nothing special 🤔

Unknown78 commented 2 years ago

Yes, it does get stuck indefinitely. What's the difference between apk-debug and the main release that makes it work? I don't really understand why.

canyie commented 2 years ago

They were compiled from the same source code, so I don't know why the release build doesn't work. I noticed you are installing the stable version, can you try this? https://github.com/topjohnwu/magisk-files/blob/canary/app-release.apk?raw=true

I know some old Samsung devices have a broken art which crashes when handling some DEX files, but I didn't see any crashes in your log.

Unknown78 commented 2 years ago

Background

Unfortunately, I've just flashed N910C Custom ROM. [ROM][6.0.1][TW][N910C/H/U] Hani Base v1.01 [18-04-2016][Deodexed][PreRooted]

In my country, 3G is not available anymore. EDGE is not viable since it's very slow and easily times out. Without proper mobile data, my mobility is compromised. So I need to turn my N910H into N910C to enable 4G. The ROM blocks *#2263# MMI code for Service mode RIL menu. So to select the proper LTE Band for my provider, I use Phone Info SAM+ v3.8.5 with its root launch 0. It's able to bypass the MMI code blocking mechanism. I don't know any other apps that could bypass that.


With the usual Magisk-v25.2.apk, it works fine with this custom ROM.


If this weird case of mine turns out to be very important for Magisk, then please inform me, I'll try to help by flashing to stock ROM N910H again. Five hours have passed for me to tinker, I need some rest.

yujincheng08 commented 2 years ago

When stuck, run kill -s SIGQUIT $(pidof com.topjohnwu.magisk) as root and upload /data/anr/

smgoller commented 2 years ago

Testing this on a Nexus 5. Debug build works, release build does not. Enclosing app.log. Note that I tried to downgrade to release, which failed. Had to uninstall debug then install release. Left release build running for a minute, then killed the log. app2.log

yujincheng08 commented 2 years ago

need kill -s SIGQUIT $(pidof com.topjohnwu.magisk)

aliazani commented 2 years ago

I have the same issue

Device: Samsung Galaxy Tab S 8.4
Android version: Stock ROM Marshmallow 6.0.1
Magisk version name: (https://github.com/topjohnwu/Magisk/releases/download/v25.2/Magisk-v25.2.apk)

My steps:

  1. Install the .apk file
  2. Open the app

canyie commented 2 years ago

@aliazani Please open a new issue with required info

j-kaltes commented 1 year ago

On Samsung Galaxy J5 (SM-J500FN) Android 6.0.1 I have similar problems:

Unknown78 commented 1 year ago

@yujincheng08 I couldn't run that command via adb with USB debugging enabled, such as adb shell su -c echo test; my Windows Terminal is stuck, and my phone screen dims. It just gets stuck. So I use termux-v0.79-offline-bootstraps.apk instead, since the latest Termux is only supported on Nougat Android 7 and later.

Here's my step: I open Magisk, its logo gets stuck, and then I press the Home button, then open Termux. Even though it is stuck on the logo, there will be a popup of Magisk asking me to grant permission on each su command that I enter.

su -c kill -s SIGQUIT $(pidof com.topjohnwu.magisk)
su -c cp -R /data/anr /sdcard/logs

Here is the log: traces.txt


Hello everyone, I have some free time to tinker again. And I have found some interesting clues.

With the help of unSU Script by osm0sis, I was able to uninstall superSU and Magisk easily with TWRP. If you want to switch kernel then simply flash unSu script and then restore stock boot partition. After that, flash Magisk. Reboot to system, then install Magisk .apk manually via file manager.

The TWRP I'll be using is TWRP for Samsung Galaxy Note 4 Exynos LTE (treltexx): twrp-3.7.0_9-0-treltexx.img.tar.

Magisk-stable version is the same: v25.2 6066b5c (25200)

For the Magisk-debug version, I will use: 831a398b (25206)


With Stock Kernel

If I flash Magisk-stable with TWRP on stock kernel of 3.10.9-7284779, then it will be stuck on Magisk logo. This is the screenshot of about device.

StockKernel_AboutDevice

This is TWRP Boot Partition Stock Kernel backup before flashing Magisk: StockBoot_boot.emmc.zip

This is TWRP Boot Partition Stock Kernel backup after flashing Magisk-stable: StockBootPatched_boot.emmc.zip

This is TWRP Boot Partition Stock Kernel backup after flashing Magisk-debug: StockBootPatchedDebug_boot.emmc.zip


With Custom Kernel

But if I flash Magisk-stable with TWRP on custom kernel of SpaceLemon Kernel v2.91.45-standart-no-root, then there will be no stuck on Magisk logo. This is the screenshot of about device:

CustomKernel_AboutDevice

This is TWRP Boot Partition Custom Kernel backup before flashing Magisk: CustomBoot_boot.emmc.zip

This is TWRP Boot Partition Custom Kernel backup after flashing Magisk-stable: CustomBootPatched_boot.emmc.zip

This is TWRP Boot Partition Custom Kernel backup after flashing Magisk-debug: CustomBootPatchedDebug_boot.emmc.zip


Is it because of the Permissive SELinux enabled by the custom kernel that makes Magisk-stable not get stuck? Or is it because of the newer kernel version? I don't really know. But this is an interesting find.

But there's one more puzzling issue, whatever the kernel whether stock or kernel and whatever Magisk edition whether stable or debug, I was unable to Hide the Magisk app. It will always Failed!.

yujincheng08 commented 1 year ago

@Unknown78 You sent an empty traces.txt.

Unknown78 commented 1 year ago

@yujincheng08 Sorry, I just fixed that. Please check again.

yujincheng08 commented 1 year ago

@Unknown78 You should use the debug version of the Magisk app, otherwise the obfuscation prevents us from investigating.

And I suggest you follow these steps for better output:

  1. Install debug version of Magisk app
  2. Launch termux (not required to launch Magisk app), and enter su
  3. As you granted root to termux, force stop the magisk app, launch it and let it stuck
  4. Back to termux, it should still be in the root mode, enter rm -rf /data/anr/* to clean the anr traces first
  5. Then in termux, enter kill -s SIGQUIT $(pidof com.topjohnwu.magisk) to get the traces and cp -R /data/anr /sdcard/logs to copy the logs
  6. Zip /sdcard/logs and send here

canyie commented 1 year ago

@yujincheng08 logs from the debug version are useless because the debug build works, only the release-build app gets stuck

Unknown78 commented 1 year ago

@yujincheng08

  1. Install debug version of Magisk app
  2. As you granted root to termux, force stop the magisk app, launch it and let it stuck

Do you mean the release one? Because the debug is the one that is not stuck.


@canyie Another interesting thing that I found:

Stock kernel + Magisk-stable .apk install = stuck
Stock kernel + Magisk-debug .apk install = doesn't get stuck
Custom kernel + Magisk-stable .apk install = doesn't get stuck
Custom kernel + Magisk-debug .apk install = doesn't get stuck

Stock kernel + Magisk-stable flash with TWRP + Magisk-stable .apk install = stuck
Stock kernel + Magisk-stable flash with TWRP + Magisk-debug .apk install = doesn't get stuck
Stock kernel + Magisk-debug flash with TWRP + Magisk-stable .apk install = stuck
Stock kernel + Magisk-debug flash with TWRP + Magisk-debug .apk install = doesn't get stuck
Custom kernel + Magisk-stable flash with TWRP + Magisk-stable .apk install = doesn't get stuck
Custom kernel + Magisk-stable flash with TWRP + Magisk-debug .apk install = doesn't get stuck
Custom kernel + Magisk-debug flash with TWRP + Magisk-stable .apk install = doesn't get stuck
Custom kernel + Magisk-debug flash with TWRP + Magisk-debug .apk install = doesn't get stuck

I think this is some combination of Magisk-stable .apk, enforcing SELinux, or Kernel version?

canyie commented 1 year ago

app-release.zip Grab a new log (follow https://github.com/topjohnwu/Magisk/issues/6257#issuecomment-1242646250) with this build? I added some logs

Unknown78 commented 1 year ago

@canyie Your app-release.zip couldn't be flashed in TWRP, it says "Invalid zip file format!".

I rename it to .apk and it couldn't be installed via file manager, it says "App not installed." Here is the log: app.log

yujincheng08 commented 1 year ago

@Unknown78 Uninstall the app first. The signature is not matched.

Unknown78 commented 1 year ago

@yujincheng08 I have uninstalled it by flashing unSU script in TWRP. Do I need to do it manually within debug .apk Uninstall Magisk > Complete Uninstall?

yujincheng08 commented 1 year ago

01-01 22:34:41.493 14277 14277 W InstallAppProgress: Replacing package:com.topjohnwu.magisk

The log says you have already installed an app with package name com.topjohnwu.magisk.

Unknown78 commented 1 year ago

Weird, because I already uninstalled it with unSU script, and I could install Magisk debug with it.

After complete uninstall via Magisk-debug .apk, I could then install it

But I observe two things:

Stock kernel + Magisk-stable flash with TWRP + Magisk-canyie .apk install
The app was successfully installed. But the moment I open it, it uninstalls itself. PatchedBoot-stable_app.log

Stock kernel + Magisk-debug flash with TWRP + Magisk-canyie .apk install
The app was successfully installed. But the same stuck still happened. PatchedBoot-debug_app.log

canyie commented 1 year ago

app-release.zip Please use this build with Stock kernel + Magisk-debug flash with TWRP + Magisk-canyie .apk install to grab a new log, and report whether it gets stuck on the splash screen?

Unknown78 commented 1 year ago

It does get stuck. PatchedBoot-debug_app_canyie_v2.log

canyie commented 1 year ago

app-release.zip Use this build to grab a log again?

Unknown78 commented 1 year ago

It does get stuck again. PatchedBoot-debug_app_canyie_v3.log

canyie commented 1 year ago

Yeah, I found the problem, will try to fix it asap image

canyie commented 1 year ago

app-release.zip Does this build fix the issue? @Unknown78 @CourteousGeek @maingocvinh

Unknown78 commented 1 year ago

Niceeeee. It doesn't get stuck anymore.

This is the log if you need it: PatchedBoot-debug_app_canyie_v4.log

So what was the problem? I'm really curious.

canyie commented 1 year ago

The problem is, release-build app cannot readlink /proc/self/exe from non-main threads on old platforms 🤔 Thus our root service failed to start. I'll submit a PR to fix it. Thanks for your help!

Unknown78 commented 1 year ago

You're welcome, I'm glad the issue was fixed. 😄

But why can the debug-build? I remember you said this before:

They were compiled from the same source code, so I don't know why the release build doesn't work.

In the new commit you said

Old platforms prevent readlink /proc/self/exe from being called from non-main threads on release builds, so hardcode /system/bin/app_process instead.

Why did the old platforms do that in the first place? It's just making me even more curious, lol.
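
The symptom canyie describes and the fallback named in the quoted commit message, as an added example (not Magisk's code): it resolves /proc/self/exe on the calling thread and on a worker thread, classifies the outcome, and uses /system/bin/app_process when the worker cannot read the link. The stub `old_platform_readlink`, its EACCES errno, the `app_process32` target and the thread name are constructed assumptions; the commit message says the actual fix hardcodes the path rather than probing.

```python
import errno
import os
import threading

# Path the fix quoted in this thread hardcodes instead of calling readlink.
FALLBACK_EXE = "/system/bin/app_process"
WORKER_NAME = "exe-probe-worker"  # hypothetical thread name for this example


def _try_readlink(link, readlink):
    """Return (target, None) on success or (None, errno) on failure."""
    try:
        return readlink(link), None
    except OSError as exc:
        return None, exc.errno


def probe(link="/proc/self/exe", readlink=os.readlink):
    """Resolve `link` on the calling thread and again on a worker thread."""
    out = {"caller": _try_readlink(link, readlink)}

    def run():
        out["worker"] = _try_readlink(link, readlink)

    worker = threading.Thread(target=run, name=WORKER_NAME)
    worker.start()
    worker.join()
    return out


def classify(result):
    """Name the pattern: both work, only the worker fails, or neither works."""
    caller_ok = result["caller"][1] is None
    worker_ok = result["worker"][1] is None
    if caller_ok and worker_ok:
        return "consistent"
    if caller_ok:
        return "worker-thread-only-failure"  # the symptom reported in this issue
    return "unavailable"


def launcher_exe(result, fallback=FALLBACK_EXE):
    """Path a worker thread should launch: its own readlink result, else fallback."""
    target, err = result["worker"]
    return target if err is None else fallback


def old_platform_readlink(link):
    """Constructed stub imitating the reported behaviour; EACCES is an assumed errno."""
    if threading.current_thread().name == WORKER_NAME:
        raise OSError(errno.EACCES, os.strerror(errno.EACCES), link)
    return "/system/bin/app_process32"  # constructed sample target


if __name__ == "__main__":
    for label, fn in (("this host", os.readlink),
                      ("stubbed old platform", old_platform_readlink)):
        res = probe(readlink=fn)
        print(f"{label}: {classify(res)} -> {launcher_exe(res)}")
```
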

canyie commented 1 year ago

I don't know the reason, just like I don't know why it happens 🤣 Maybe only the Googler that fixed it knows

Unknown78 commented 1 year ago

Any comments @yujincheng08? 😆

yujincheng08 commented 1 year ago

@Unknown78 A kernel bug that has been fixed since 4.4

Unknown78 commented 1 year ago

The stock kernel is 3.10.9 where it gets stuck, while the custom kernel is 3.10.105 where it doesn't. Why did you say it was fixed since 4.4?

yujincheng08 commented 1 year ago

@Unknown78 https://github.com/moby/moby/issues/18883#issuecomment-356507236

Unknown78 commented 1 year ago

Comparing between

The old v3.10.9 kernel https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/fs/proc/fd.c?h=v3.10.9&id=0a4b6d4ff200a553951f77f765971cb3e4c91ec0#n303

and the new v3.10.105 kernel https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/fs/proc/fd.c?h=v3.10.105&id=ec55e7c2bf49a426b6f8204505bd267c77554d37#n303

The code for the particular function of proc_fd_permission is still the same. Nothing changes.

Should I trace even further to the inner function call of generic_permission, task_pid, and proc_pid? Or should I stop? :rofl:

hhihhio commented 1 year ago

I don't know the reason, just like I don't know why it happens 🤣 Maybe only the Googler that fixed it knows

This problem only happens in Android 6 and 5

Unknown78 commented 1 year ago

FWIW, I find this interesting to read: https://android.stackexchange.com/questions/51651/which-android-runs-which-linux-kernel

Why Android OS/kernel version mismatches

OEMs tend to ship their major Android updates with a similar kernel to the one the device was initially released with. This is most likely to avoid hardware and driver incompatibility issues with a newer kernel. For example, a device that has been updated to run Android 8.0 Oreo but originally shipped with 6.0 Marshmallow may still be running Linux 3.18.x instead of Linux 4.10.x.


I've also flashed custom kernel of Suemax Kernel Pure Basic UX v3.2-N910C-910H_3.10.105.zip and confirmed it doesn't stuck with our usual Magisk release build. Thus, whether SELinux Enforcing or Permissive is not a problem as far as comparing between v3.10.9 and v3.10.105 kernel.

Screenshot_2023-01-02-20-12-32

Unknown78 commented 1 year ago

Comparing between

v3.10.9 kernel https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/fs/namei.c?h=v3.10.9#n311

v3.10.43 kernel https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/fs/namei.c?h=v3.10.43#n311

v3.10.44 kernel https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/fs/namei.c?h=v3.10.44#n311

v3.10.105 kernel https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/fs/namei.c?h=v3.10.105#n312

The inner function call of generic_permission code did change on v3.9.44 kernel.


I've looked through the history of commit: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/?h=linux-3.10.y&ofs=3800

And found the commit that changes that: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-3.10.y&id=4f80c6c1825a91cecf3b3bd19c824e768d98fe48

author Andy Lutomirski luto@amacapital.net 2014-06-10 12:45:42 -0700
committer Greg Kroah-Hartman gregkh@linuxfoundation.org 2014-06-16 13:42:52 -0700
commit 4f80c6c1825a91cecf3b3bd19c824e768d98fe48 (patch)
tree cdb4e44336c2a34d559d3a609784d74a37c7301a
parent 853771148c5aa5998c423ed4dddd7605d4b4c949 (diff)
download linux-4f80c6c1825a91cecf3b3bd19c824e768d98fe48.tar.gz

fs,userns: Change inode_capable to capable_wrt_inode_uidgid

commit 23adbe12ef7d3d4195e80800ab36b37bee28cd03 upstream.

The kernel has no concept of capabilities with respect to inodes; inodes exist independently of namespaces. For example, inode_capable(inode, CAP_LINUX_IMMUTABLE) would be nonsense.

This patch changes inode_capable to check for uid and gid mappings and renames it to capable_wrt_inode_uidgid, which should make it more obvious what it does.

Fixes CVE-2014-4014.

Cc: Theodore Ts'o tytso@mit.edu
Cc: Serge Hallyn serge.hallyn@ubuntu.com
Cc: "Eric W. Biederman" ebiederm@xmission.com
Cc: Dave Chinner david@fromorbit.com
Signed-off-by: Andy Lutomirski luto@amacapital.net
Signed-off-by: Linus Torvalds torvalds@linux-foundation.org
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org


Without further testing, I couldn't be sure that's the real source of the problem. Should I stop? :rofl:

CourteousGeek commented 1 year ago

app-release.zip Does this build fix the issue? @Unknown78 @CourteousGeek @maingocvinh

Stuck on magisk logo

Unknown78 commented 1 year ago

Hmm, what's your kernel version? Screenshot the Settings > About Device

CourteousGeek commented 1 year ago

3.10.84 Screenshot_2023-01-02-11-47-46

hhihhio commented 1 year ago

I have two devices J5 and J7 both cannot open Magisk app in Android 6, J5 phone has Android 7 and kernel version is 3.10.49, I don't remember kernel version of Android 6. Could it be due to Android OS?

Unknown78 commented 1 year ago

@CourteousGeek Please do as per canyie's instructions above:

I need a log to find out why.

  1. Install ADB on your PC. Turn on "USB debugging" in developer settings.
  2. Connect your phone to your PC. Allow USB debugging if your phone asks for it.
  3. Open cmd, type "adb logcat -c" and enter.
  4. Type "adb logcat > app.log"
  5. Install release-build app, open it, it should get stuck at the Magisk logo
  6. Wait one minute, press "Ctrl + C" in the cmd window, and upload app.log

hhihhio commented 1 year ago

app-release.zip Does this build fix the issue? @Unknown78 @CourteousGeek @maingocvinh

Stuck on magisk logo

I will try this soon