MT65xx Preloader connects to Guest too late since Virtualbox 6.0.2 (till the latest version)

[emptysixtyfive]

Preloader is a digitally-signed second-stage bootloader found in all Mediatek smartphones and tablets. After a powered-off device is connected to PC the Preloader component exposes a USB device 0E8D/2000 (VID/PID) and waits ~300 ms for a handshake and further commands from PC software. This is used to flash bricked devices and/or access other low-level functions.

After I updated from Virtualbox 5.2.44 to 7.0.10 I noticed the software in the Guest OS cannot complete a handshake anymore despite Virtualbox successfully passing-through a device. From a user perspective it looks like reconnecting a USB device from Host to Guest takes much more time now and by the time the Guest OS detects a Preloader device, the Preloader itself times out and triggers autodisconnect.

I did a "release bisect" of Virtualbox. The latest ever release with working Preloader pass-through is 6.0.0, and starting from the very next release - 6.0.2 - Preloader cannot connect in timely manner.

How I performed the testing of *every* Virtualbox release in my bisection process:

1. Install Ubuntu 18.04 LTS (the ISO I used is located at ​https://old-releases.ubuntu.com/releases/18.04.0/ubuntu-18.04-desktop-amd64.iso) from scratch on SSD on Host (Ryzen 3700X + 48 GB RAM) and a few dependencies (described below)
2. Install a Virtualbox release from a .deb for Ubuntu 18 downloaded from the Virtualbox "Older builds" page
3. Import a testing virtual machine from .ova (described below)
4. Enable USB 1.1 controller in VM settings, reset (as in power reset) the smartphone, test if Preloader can connect - my smartphone is plugged into a USB 2.0 port on the motherboard
5. Shutdown the VM, exit Virtualbox, install an Extension Pack
6. Enable USB 2.0 controller in VM settings, reset the smartphone, test if Preloader can connect - my smartphone is plugged into a USB 2.0 port on the motherboard
7. Go to 1 but use another Virtualbox release

Despite me using Ubuntu 18.04 as Host and Debian 12 Guest for a report here, I also managed to confirm the issue with the Latest Linux Mint 21 as Host and the following guests: Debian 10, Debian 12, Windows 7 Ultimate N with different software (both FOSS and proprietary) running in Guest. The logs for this report are pulled from Ubuntu 18.04 Host and Debian 12 Guest.

Below are the steps to reproduce the bug using the Free Open Source Software only. Reproduce rate is 100%.

The main PITA would be getting a fitting Mediatek smartphone for testing - the Preloader in different generations (62xx - dumb phones, 65xx - 2G/3G smartphones&tablets, 67xx - 4G, 68xx - the newest 5G generation) *might* have different handshake timeout hardcoded. I did my tests on the variety of mt65xx devices (mt6573, mt6575, mt6577). Though I'm sure this issue *should* also be reproducible on early 4G generation (mt6735, mt6737, mt6753). Please take care of the following: not all Preloaders can power off automatically and not all Preloaders check the power key (button) status, so reconnecting a battery or hitting a hardware "reset key" is a 100% working way to exit the Preloader mode on target device.

The Guest OS preparation steps are listed in "guest-setup.txt" file. For every Virtualbox release I restored the VM from an .ova file. Please note, creating a filter for the "Download agent" device might be useful if the Preloader delegates the workload to another component. The simpliest test command to be run in a prepared Guest VM is:

1. (access the guest shell, for example: "ssh vbox" and enter password)
2. cd mtkclient && . env/bin/activate
3. python ./mtk gettargetconfig

(Must reset the smartphone otherwise it *might* get stuck in the Preloader mode till the battery drains)

Note: The "-22" error seen in both Host and Guest dmesg outputs is intended behaviour of the Preloader.

The Host OS preparation steps are listed in "host-setup.txt". In short, it boils down to installing a few dependencies, activating a single udev rule and an SSH config for easy access to Guest.

The logs attached to this report include:

1. dmesg output from Host
2. dmesg output from Guest
3. debug output from Smartphone, cropped to include the lines printed from power-on till entering the Preloader USB mode (the rest doesn't matter for this report)
4. Virtualbox log
5. Wireshark dump for the Preloader USB device, captured on Host

(This is my first bug report, and I used machine translation a few times)

[emptysixtyfive]

Logs for Virtualbox 6.0.0 (working), 6.0.2 (broken); guest-setup.txt; host-setup.txt