pfSense

There are already two customers who reported about crashes which happened after update up to 26.03 pfSense Plus.
It happened on two different hardware: 7100 (HS #44225707405) and 4100 (HS #44386928982).

Crash report showed:

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 18
fault virtual address = 0x30
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80eb2b66
stack pointer        = 0x0:0xfffffe0067e2f7c0
frame pointer        = 0x0:0xfffffe0067e2f830
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 0 (if_io_tqg_1)
rdi: fffffe0008760a00 rsi: fffffe0067e2f7e0 rdx: 0000000000000001
rcx: 00000000000042a7  r8: 0000000000000002  r9: fffff80149a99360
rax: 0000000000000000 rbx: fffff80149a99300 rbp: fffffe0067e2f830
r10: fffffe0067e2f6f0 r11: 0000000000000001 r12: 0000000000000060
r13: fffff80008751800 r14: 0000000000000000 r15: fffff8017099e800
trap number = 12
panic: page fault
cpuid = 1
time = 1776065740
KDB: enter: panic

db:1:pfs> bt
Tracing pid 0 tid 100008 td 0xfffff80100d0b000
kdb_enter() at kdb_enter+0x33/frame 0xfffffe0067e2f640
panic() at panic+0x43/frame 0xfffffe0067e2f6a0
trap_pfault() at trap_pfault+0x3cf/frame 0xfffffe0067e2f6f0
calltrap() at calltrap+0x8/frame 0xfffffe0067e2f6f0
--- trap 0xc, rip = 0xffffffff80eb2b66, rsp = 0xfffffe0067e2f7c0, rbp = 0xfffffe0067e2f830 ---
bpf_mtap() at bpf_mtap+0x86/frame 0xfffffe0067e2f830
vlan_transmit() at vlan_transmit+0x42/frame 0xfffffe0067e2f880
ether_output_frame() at ether_output_frame+0xd3/frame 0xfffffe0067e2f8b0
ether_output() at ether_output+0x697/frame 0xfffffe0067e2f940
ip_tryforward() at ip_tryforward+0x4fc/frame 0xfffffe0067e2f9e0
ip_input() at ip_input+0x31d/frame 0xfffffe0067e2fa40
netisr_dispatch_src() at netisr_dispatch_src+0x1fa/frame 0xfffffe0067e2fa90
ether_demux() at ether_demux+0x194/frame 0xfffffe0067e2fac0
ether_nh_input() at ether_nh_input+0x32b/frame 0xfffffe0067e2fb20
netisr_dispatch_src() at netisr_dispatch_src+0x9f/frame 0xfffffe0067e2fb70
ether_input() at ether_input+0x56/frame 0xfffffe0067e2fbc0
ether_demux() at ether_demux+0x8e/frame 0xfffffe0067e2fbf0
ether_nh_input() at ether_nh_input+0x32b/frame 0xfffffe0067e2fc50
netisr_dispatch_src() at netisr_dispatch_src+0x9f/frame 0xfffffe0067e2fca0
ether_input() at ether_input+0x56/frame 0xfffffe0067e2fcf0
iflib_rxeof() at iflib_rxeof+0xa6f/frame 0xfffffe0067e2fe00
_task_fn_rx() at _task_fn_rx+0x72/frame 0xfffffe0067e2fe40
gtaskqueue_run_locked() at gtaskqueue_run_locked+0x14e/frame 0xfffffe0067e2fec0
gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0xc2/frame 0xfffffe0067e2fef0
fork_exit() at fork_exit+0x7b/frame 0xfffffe0067e2ff30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0067e2ff30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---

System logs showed nothing informative.