In OpenBSD 7.4 before errata 009, a race condition between pf(4)s processing of packets and expiration of packet states may cause a kernel panic.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.