--- x/net/core/filter.c
+++ y/net/core/filter.c
@@ -2159,6 +2159,10 @@ static int __bpf_redirect_no_mac(struct
 		if (!skb_at_tc_ingress(skb))
 			skb_postpull_rcsum(skb, skb_mac_header(skb), mlen);
 	}
+	if (skb->tail - skb->data <= sizeof(struct iphdr)) {
+		kfree_skb(skb);
+		return -ERANGE;
+	}
 	skb_pop_mac_header(skb);
 	skb_reset_mac_len(skb);
 	return flags & BPF_F_INGRESS ?