Wireshark apparently reports malformed packets when the protocol dissector fails to decode the packet.
I expect this may follow from either a software bug in the dissector, or the packet source failing to follow the protocol rules.
If you have correctly applied an acl blocking the source ip, then someone on your subnet is spoofing the ip address. Look at the Ethernet II Source. If it matches the mac address of your router, then you have a problem in your acl. If not, some one else on your subnet is up to no good: see what other ip address originate from this mac address.