Session 22 — 2026-03-27e
| Field | Value |
|---|---|
| Date | 2026-03-27 |
| Phase | 03b — TWRP |
| Duration | ~1.5 h |
Strace Setup
- Static aarch64 strace v6.7 pushed to
/tmp/ - Full stock recovery ramdisk extracted and pushed as
/tmp/stockroot/ - Chroot with bind mounts for
/dev,/proc,/sys - TWRP recovery SIGSTOP’d (PID 528) before running stock binary
Stock Recovery Display Init Sequence (Confirmed)
1. openat("/dev/graphics/fb0", O_RDWR|O_CLOEXEC) → fd 0
2. ioctl(0, FBIOGET_FSCREENINFO)
3. ioctl(0, FBIOGET_VSCREENINFO)
4. mmap(NULL, 21209088, PROT_READ|PROT_WRITE, MAP_SHARED, 0, 0) ← full double-buffer
5. openat("/dev/graphics/fb0", O_RDWR) → fd 12 (ebc geometry helper)
6. ioctl(12, FBIOGET_VSCREENINFO / FBIOGET_FSCREENINFO)
7. close(12)
8. openat("/dev/ebc", O_RDWR) → fd 12
9. mmap(NULL, 10513152, PROT_READ|PROT_WRITE, MAP_SHARED, 12, 0)
10. ioctl(12, 0x700c, ...) ← EBC_SEND_UPDATE (init/clear) — BEFORE blank
11. ioctl(0, FBIOBLANK, 4) ← FB_BLANK_POWERDOWN
12. ioctl(0, FBIOBLANK, 0) ← FB_BLANK_UNBLANK
13. ioctl(12, 0x700c, ...) ← EBC_SEND_UPDATE (content) ×2Stock code never calls: FBIOPUT_VSCREENINFO, FBIOPAN_DISPLAY, EBC_WAIT_UPDATE, EBC_CLEAR, or any sysfs writes.
Critical Finding: Stock Binary Also Failed to Render
The stock recovery binary ran its complete display init sequence inside the TWRP chroot and produced no visible display change. This definitively proves:
- The EPDC display problem is NOT a userspace ioctl issue
- Our TWRP ioctl code was correct all along
- The problem is in the kernel or init boot environment
Two remaining hypotheses
- fd conflict — TWRP was only SIGSTOP’d, still holding open mmaps to fb0 and /dev/ebc. EBC driver may only support one active client; stock binary’s ioctls silently no-op’d.
- Missing hardware init in TWRP’s init.rc — stock recovery ramdisk’s init scripts may perform MDSS/EPDC hardware initialization that TWRP’s init.rc doesn’t replicate.
Input Device Map (Confirmed from Strace)
| Device | Type |
|---|---|
| event0 | Power/Back button (KEY_POWER, KEY_BACK) |
| event1 | Capacitive touchscreen (MT type B) |
| event2 | EMR stylus (ABS_X/Y/PRESSURE/DISTANCE) |
| event3 | USB mouse |
| event4 | Virtual keys / GPIO |
| event5 | Hall sensor (KEY_LEFTALT, KEY_POWER, KEY_WAKEUP) |
| event6 | Volume up |
Touchscreen uses standard Linux MT type B — TWRP handles natively.
Next Step
Fully SIGKILL TWRP (prevent init respawn) and re-run stock binary to eliminate fd conflict. Compare stock recovery init.rc against TWRP’s for missing MDSS/EPDC hardware init writes.