ipf_frag_known() at ipf_frag_known+0x4e A lot of your crashes seem to have this. So I would try
enable DIAGNOSTIC read the code in ipf_frag_known, compile with -S and read the assembly, and add some KASSERTS there
pgp76pBTxx_es.pgp
Description: PGP signature