After moving from Linux kernel 3.8.3 to 3.14.13, I have the dst spoofed issue when testing IPv6 RD (Rapid Deployment). The console output below error message and the ping reply pack is dropped.

sit: Dst spoofed 10.149.6.128/2001:db8:ac10:1::1 -> 172.16.0.192/2001:db8:ac10:c0:d59d:4649:8244:6dfd

In my testing, I created an 6rd tunnel on the CE router:
sit1: ipv6/ip remote any local 172.16.0.192 ttl 64 6rd-prefix 2001:db8::/32 6rd-relay_prefix 10.149.6.128/32

Correspondingly, there was a 6rd tunnel on the server
sit1: ipv6/ip remote any local 10.149.6.128 ttl 64 6rd-prefix 2001:db8::/32

172.16.0.192 is the IPv4 address of my CE router, 10.149.6.128 is the address of the BR. 6rd prefix is 2001:db8::/32.

After looking into the linux kernel file, linux\net\ipv6\sit.c,
I suspect the function
static bool check_6rd(struct ip_tunnel *tunnel, const struct in6_addr *v6dst,
__be32 *v4dst)

misbehave.

It get the IPv4 destination IP by
*v4dst = tunnel->ip6rd.relay_prefix | htonl(d);

But I think it should get the IPv4 destination IP by getting it from IPv6 destination IP address per rfc5569.

Can anybody please help confirm this is a kernel issue or not?