Steve Hill wrote:

> then the ESP SA is added and it has the same sequence number (1) as the 
> AH SA so the AH SA gets deleted.
> 
> The xfrm_state_add() function does:
>         x1 = __xfrm_find_acq_byseq(x->km.seq);
>         ...
>         xfrm_state_delete(x1);
> And this is responsible for deleting the AH SA due to it's matching 
> sequence number.

This is a bug in the kernel, __xfrm_find_acq_byseq should only return
XFRM_STATE_ACQ states. This patch should fix it.

Signed-off-by: Patrick McHardy <kaber@trash.net>