It doesn’t crash really, in the sense that the pid is constant between occurrences, unless I restart it manually.
So here's what I've gathered.
It's not a crash, it's a kernel error that an invalid checksum was detected, and it then dumps the stack as well as the name of the process that generated the packet. These checksum errors can occur for a number of reason, one of them being hardware offloading done by the switch (like GSO/GRO).
I already eliminated the possibility of it being caused by flow cache or archer/runner.
I've tried redirecting to the link-local address, as well as to the local loopback (which didn't work), without any success.
I've also gone back through around 4 years of commits to the kernel udp.c driver as well as Netfilter's NAT driver. I tested two potential candidate, without any success.
So at this stage, there's a chance it may be an issue related to the Broadcom network driver (the kernel had a few drivers that needed fixing in the past over this issue).
It could also be an issue tied to packet fragmentation occurring with large UDP packets (that might explain why it does not happen with every IPv6 queries).
I think this is unlikely to be fixable without a low level debugging of the generated traffic, something beyond my current knowledge of networking (and not something I'm willing to devote hours into figuring out). So most likely fix at this time will be to remove IPv6 support from DNSFilter mode "Router".
I haven't yet tested it on a newer HND 5.04 device, tho even if it worked that wouldn't tell us much, as it has both a newer kernel and Broadcom SDK.
I've said it before, and I'll say it again: I hate IPv6.