OK ... pfctl and the kernel are in sync, you do not appear to have a Frankensystem.
At this point I believe you have five options you may select from. And you may select more than one.
- Review the source code to determine the logic that is occurring to produce the error, to aid with root cause determination and (if you are a C programmer) perhaps develop and submit a patch if a flaw in logic is uncovered. Even if you do not find the trouble and develop a fix on your own, this may help should you avail yourself of options 2 or 3 and that results in patches being sent to you by a developer for testing.
- Post an informal problem report to the misc@ mailing list to ask advice, similarly to what you have done here. You will need to include more information than you've posted here, however. Minimally, you should post a complete dmesg and a clarified description of the symbolic structure you've touched on here.
- Post a formal problem report. The problem tracking database is currently shut down so sendbug(1) may be used as the fill-in-the-blanks form with the results mailed to the bugs@ mailing list.
- Upgrade the gateway platform (or a test gateway) to 5.1-release, and then to -current, in order to determine if the problem has been eliminated with code committed since August of last year, when 5.0 was readied for release.
- Wait and hope someone else replies here.