Thank you for taking a look at this!
Not only it fixes D47534, it also does not break D47585 (introduce a regression).

This change addresses the failing test, but there's a new failure in sys/netinet/fibs_test:same_ip_multiple_ifaces_fib0. The test creates two interfaces, then assigns the same IP address to each, with different masks. With this change, the second address assignment fails with EEXIST.

I'm not sure if that's actually a valid thing to do in practice; see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=189089 . Maybe @asomers remembers?

In D48650#1109739, @markj wrote:

This change addresses the failing test, but there's a new failure in sys/netinet/fibs_test:same_ip_multiple_ifaces_fib0. The test creates two interfaces, then assigns the same IP address to each, with different masks. With this change, the second address assignment fails with EEXIST.

I'm not sure if that's actually a valid thing to do in practice; see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=189089 . Maybe @asomers remembers?

At the time I wrote that test, I was doing a bunch of changes to make multiple fibs work better. Not just for firewalls, but for applications. I'm sure that my then-employer didn't have a use case for assigning the same IP address to multiple interfaces on the same fib at the same time. I probably found the crash bug just through exploratory testing. And I think that the purpose of the test was just to ensure that the system didn't panic.