Fix ZFS panic on space map corruption #17812

Open • tidjean opened this issue 2 months ago • 1 comment

Add defensive validation to prevent kernel panics when corrupted space map data is encountered during pool import. Instead of panicking, the system now logs corruption and continues in read-only mode.

Changes:

  • space_map.c: Add bounds checking in space_map_load_callback to skip zero-sized and out-of-bounds entries
  • range_tree.c: Add defensive check in zfs_range_tree_remove_impl to detect corrupted segment bounds and recover gracefully

Motivation and Context

Description

How Has This Been Tested?

Types of changes

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Performance enhancement (non-breaking change which improves efficiency)
  • [ ] Code cleanup (non-breaking change which makes code smaller or more readable)
  • [ ] Quality assurance (non-breaking change which makes the code more robust against bugs)
  • [ ] Breaking change (fix or feature that would cause existing functionality to change)
  • [ ] Library ABI change (libzfs, libzfs_core, libnvpair, libuutil and libzfsbootenv)
  • [ ] Documentation (a change to man pages or other documentation)

Checklist:

  • [ ] My code follows the OpenZFS code style requirements.
  • [ ] I have updated the documentation accordingly.
  • [ ] I have read the contributing document.
  • [ ] I have added tests to cover my changes.
  • [ ] I have run the ZFS Test Suite with this change applied.
  • [ ] All commit messages are properly formatted and contain Signed-off-by.

tidjean, Oct 24 '25 07:10
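The kind of skip-and-log validation the summary above describes, as an added example that is not code from this PR or from OpenZFS. The entry layout, `check_entry`, `load_entries` and the sample values are hypothetical; the point shown is a bounds check that never computes `offset + size`, so a corrupted size cannot wrap around and pass.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical simplified entry, not the OpenZFS on-disk format. */
typedef struct { uint64_t offset, size; } sm_entry_t;
typedef enum { ENTRY_OK, ENTRY_ZERO_SIZE, ENTRY_OUT_OF_BOUNDS } entry_status_t;

/* Constructed sample for the region [0x1000, 0x2000). */
static const sm_entry_t SAMPLE[] = {
	{ 0x1000, 0x200 },               /* valid */
	{ 0x1800, 0 },                   /* zero-sized */
	{ 0x1f00, 0x200 },               /* runs past the end of the region */
	{ 0x0800, 0x100 },               /* starts before the region */
	{ 0x1400, UINT64_MAX - 0x1000 }, /* offset + size wraps to 0x3ff */
	{ 0x1c00, 0x400 },               /* valid, ends exactly at 0x2000 */
};

/* Validate one entry against [start, start + len) using subtraction only,
 * so a huge corrupted size cannot overflow the comparison. */
static entry_status_t check_entry(const sm_entry_t *e, uint64_t start, uint64_t len) {
	if (e->size == 0)
		return ENTRY_ZERO_SIZE;
	if (e->offset < start || e->offset - start >= len ||
	    e->size > len - (e->offset - start))
		return ENTRY_OUT_OF_BOUNDS;
	return ENTRY_OK;
}

/* Sum the sizes of valid entries; log and skip the rest. Returns the skip count. */
static size_t load_entries(const sm_entry_t *ents, size_t n, uint64_t start,
    uint64_t len, uint64_t *loaded_bytes) {
	size_t skipped = 0;
	*loaded_bytes = 0;
	for (size_t i = 0; i < n; i++) {
		if (check_entry(&ents[i], start, len) != ENTRY_OK) {
			fprintf(stderr, "skip entry %zu: zero-sized or out of bounds\n", i);
			skipped++;
			continue;
		}
		*loaded_bytes += ents[i].size;
	}
	return skipped;
}

int main(void) {
	uint64_t bytes;
	printf("skipped=%zu\n", load_entries(SAMPLE, 6, 0x1000, 0x1000, &bytes));
	return 0;
}
```

The check does not detect entries that overlap each other; it only rejects entries that are empty or fall outside the region.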

On a quick look this looks like a pretty narrow solution. Please see this discussion: https://github.com/openzfs/zfs/pull/17094#issuecomment-3374742888.

amotin, Oct 24 '25 17:10