diff --git a/changes/bug12195 b/changes/bug12195
new file mode 100644
index 0000000000..f798129e64
--- /dev/null
+++ b/changes/bug12195
@@ -0,0 +1,7 @@
+ o Major bugfixes:
+ - When a circuit accidentally has the same circuit ID for its
+ forward and reverse direction, correctly detect the direction of
+ cells using that circuit. Previously, this would have made
+ roughly one circuit in a million non-functional. Fixes bug
+ 12195; this is a bugfix on every version of Tor.
+
diff --git a/src/or/command.c b/src/or/command.c
index 9b3ff16f2c..105bdc637e 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -376,7 +376,7 @@ command_process_created_cell(cell_t *cell, channel_t *chan)
 return;
 }
- if (circ->n_circ_id != cell->circ_id) {
+ if (circ->n_circ_id != cell->circ_id || circ->n_chan != chan) {
 log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,
 "got created cell from Tor client? Closing.");
 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
@@ -461,6 +461,7 @@ command_process_relay_cell(cell_t *cell, channel_t *chan)
 }
 if (!CIRCUIT_IS_ORIGIN(circ) &&
+ chan == TO_OR_CIRCUIT(circ)->p_chan &&
 cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id)
 direction = CELL_DIRECTION_OUT;
 else
@@ -529,6 +530,7 @@ command_process_destroy_cell(cell_t *cell, channel_t *chan)
 circ->received_destroy = 1;
 if (!CIRCUIT_IS_ORIGIN(circ) &&
+ chan == TO_OR_CIRCUIT(circ)->p_chan &&
 cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id) {
 /* the destroy came from behind */
 circuit_set_p_circid_chan(TO_OR_CIRCUIT(circ), 0, NULL);
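Review bot: The warning text in this branch, "got created cell from Tor client? Closing.", no longer describes every case that reaches it: with the added `circ->n_chan != chan` test it also fires when the circuit ID matches but the cell arrived on a channel other than the circuit's `n_chan`. Someone triaging LOG_PROTOCOL_WARN entries cannot tell the two conditions apart. I would add a comment above the test, `/* The ID alone is ambiguous when p_circ_id == n_circ_id; a CREATED cell is only valid on n_chan. */`, and consider rewording the message so it covers both conditions. The lookup that produced `circ` and the rest of command_process_created_cell are outside the hunk.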
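Review bot: The `else` arm that follows this test is taken by every cell that does not match the p side, and nothing in the hunk positively matches `circ->n_chan` and `circ->n_circ_id` there, unlike the created-cell hunk, which checks the n side explicitly. If the circuit lookup earlier in command_process_relay_cell (outside the hunk) guarantees that `chan` and `cell->circ_id` belong to one side of `circ`, state that invariant next to the test, e.g. `/* circ was looked up by (circ_id, chan); a cell not from p_chan must be from n_chan */`. The destroy-cell hunk below has the same shape and would take the same comment. The body of the `else` is outside the hunk.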
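Review bot: This is the second hand-written copy of the two-part side test (`chan == TO_OR_CIRCUIT(circ)->p_chan` plus the `p_circ_id` comparison); the first is in command_process_relay_cell. Since the bug being fixed was the same omission in both places, a small file-local helper would keep them from drifting again, for example a predicate with the suggested signature `static int cell_is_from_p_side(const circuit_t *circ, const cell_t *cell, const channel_t *chan)` called from both handlers. On this path the result decides whether `circuit_set_p_circid_chan(TO_OR_CIRCUIT(circ), 0, NULL)` detaches the p side, so the two call sites should not be able to disagree. The remainder of command_process_destroy_cell is outside the hunk.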