diff --git a/net/core/dev.c b/net/core/dev.c
index 14a83f2035b9..994ee4c20131 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3805,10 +3805,16 @@ static netdev_features_t gso_features_check(const struct sk_buff *skb,
 	 * segmentation-offloads.rst).
 	 */
 	if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4) {
-		struct iphdr *iph = skb->encapsulation ?
-				    inner_ip_hdr(skb) : ip_hdr(skb);
-
-		if (!(iph->frag_off & htons(IP_DF)))
+		const struct iphdr *iph = skb->encapsulation ?
+					  inner_ip_hdr(skb) : ip_hdr(skb);
+		int nhoff = skb->encapsulation ?
+			    skb_inner_network_offset(skb) :
+			    skb_network_offset(skb);
+
+		if (((skb_shinfo(skb)->gso_type & SKB_GSO_DODGY) &&
+		     unlikely(nhoff < 0 ||
+			      skb->len < (unsigned int)nhoff + sizeof(*iph))) ||
+		    !(iph->frag_off & htons(IP_DF)))
 			features &= ~dev->mangleid_features;
 	}