TCP connections fail on TUN only (Tun doesn't start properly half the time)

[BK8000L]

Operating system

Android

System version

android 11 LOS on mi a3, android 10 miui on redmi 9a

Installation type

sing-box for Android Graphical Client

If you are using a graphical client, please provide the version of the client.

No response

Version

every version, logs are from 1.12.0-beta.15

Description

sing-box TUN is inconsistent, sometimes it starts properly, sometimes it starts and all TCP connections fail (connection refused on curl), i have to stop/start sing-box to fix it (waiting doesn't help).
UDP over TUN works all the time.
TCP over SOCKS works all the time.

logcat: (log just before i press the start button, i don't see any difference between them)
bad.log.txt
good.log.txt

redundant logcats:
bad-1.log.txt
good-1.log.txt

bad-2.log.txt
good-2.log.txt

bad-3.log.txt
good-3.log.txt

good-4.log.txt

screenshots of bad start:

good start is the same but tcp connections are visible in the log

Reproduction

config: https://pastebin.com/QrZgaq26 (mtu 1500 or 9000, stack system or gvisor, ip 172.19.0.1/30 - same result)
start the config multiple times, 50% of the time internet will not be accessible.
only mobile data and only wifi give the same result.

Logs

above

Supporter

• I am a sponsor

Integrity requirements

• I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
• I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
• I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
• I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.

[BK8000L]

i compared outputs of "iptables -S -t nat/mangle/filter", "ip route show table 0", "ip rule" between good and bad starts and there is no difference.
tcpdump shows this

sudo ./tcpdump-aarch64 -i any -n -f "host 1.1.1.2"
tcpdump-aarch64: data link type LINUX_SLL2
tcpdump-aarch64: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
03:41:28.652833 tun0  Out IP 192.168.123.10.37788 > 1.1.1.2.443: Flags [SEW], seq 325277618, win 65535, options [mss 8960,nop,nop,sackOK,nop,wscale 10], length 0
03:41:28.653116 tun0  In  IP 1.1.1.2.443 > 192.168.123.10.37788: Flags [R.], seq 0, ack 325277619, win 0, length 0

[nekohasekai]

You may need a reboot

[BK8000L]

this is happening for multiple months, reboot doesn't help, what information do i need to give? but the randomness changes over time: sometimes it doesn't start for multiple times, sometimes it works perfectly 5 times in a row

[BK8000L]

it is very inconsistent, so i tested this way: deleted current version, rebooted, installed older apk, reboot, tried to use it, and im 90% sure that version 1.10.6 introduced this issue, but there is a weird thing: if i install the same version twice (just open the apk and agree to updating, works even with latest beta), it works fine until i reboot or force close the app from android settings

[nekohasekai]

I'm sorry but it looks like you lied about being a sponsor so I'll close this.

[BK8000L]

sorry, i asked my friend to send crypto but he's delaying it for a week already, how much do you want for this?