According to the stack trace, the crash seems to happen by
dereferencing NULL pointer (with some offset) in a non-main thread
executing the following code in the SIGIO handler.
if (input_available_clear_time)
EMACS_SET_SECS_USECS (*input_available_clear_time, 0, 0);
EMACS_SET_SECS_USECS consists of multiple instructions, and
input_available_clear_time might be cleared to NULL by the main thread
between the NULL-check and the completion of EMACS_SET_SECS_USECS in a
non-main thread.
Could you try the following patch for a while to see if it can avoid
the issue?