Adding witness data to a non-segwit script is invalid by consensus:

https://github.com/bitcoin/bitcoin/blob/d612837814020ae832499d18e6ee5eb919a87907/src/script/interpreter.cpp#L1467


This PR will detect such violation early and ban the peer:

https://github.com/bitcoin/bitcoin/pull/8499


Another approach is to run the scripts of all incoming transactions. That's not too bad as you have already fetched the utxos which is a major part of validation.