Corrupted pool should not panic the system when doing 'zpool import'
Craig Rodrigues has reported a panic when a corrupted pool is present (on our patched version of FreeBSD aka "TrueOS" at github.com/trueos). "zpool import" would panic the system.
The panic is spa_tryimport -> spa_load -> load_nvlist, where there is a:
VERIFY(0 == dmu_bonus_hold(spa->spa_meta_objset, obj, FTAG, &db));
Note that load_nvlist is a static method and all callers are within spa.c, which all handle errors. With this in mind, it seems to be reasonable to just return the error returned from dmu_bonus_hold instead of asserting that it succeeds.
I'd like to request a review of the attached patch (trueos 825d6821d636129800c00b10eafb68e6e00cb23a) and merge to upstream if it's appropriate.
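
The error-propagation pattern proposed above, as an added example that is neither the attached patch nor ZFS source. All `model_*` names are hypothetical stand-ins for dmu_bonus_hold, load_nvlist and a spa.c caller, and the EIO failure and buffer size are constructed.

```c
#include <errno.h>
#include <stddef.h>

/* Stand-in types; none of this is the real ZFS code. */
typedef struct model_buf { size_t nvsize; } model_buf_t;
typedef struct model_spa { int config_obj_corrupt; } model_spa_t;

/* Models dmu_bonus_hold(): fails when the on-disk object is damaged. */
static int model_bonus_hold(model_spa_t *spa, model_buf_t *storage,
    model_buf_t **dbp)
{
	if (spa->config_obj_corrupt)
		return (EIO);		/* constructed failure code */
	storage->nvsize = 128;		/* constructed sample size */
	*dbp = storage;
	return (0);
}

/* Models load_nvlist() with the hold error returned instead of VERIFY'd. */
static int model_load_nvlist(model_spa_t *spa, size_t *nvsize_out)
{
	model_buf_t storage, *db = NULL;
	int error;

	*nvsize_out = 0;
	error = model_bonus_hold(spa, &storage, &db);
	if (error != 0)
		return (error);	/* a VERIFY(0 == ...) here would panic */
	*nvsize_out = db->nvsize;
	return (0);
}

/* Models a spa.c caller that already handles load_nvlist() errors. */
static int model_tryimport(model_spa_t *spa)
{
	size_t nvsize;
	int error = model_load_nvlist(spa, &nvsize);

	if (error != 0)
		return (error);	/* pool is reported as not importable */
	return (nvsize > 0 ? 0 : EINVAL);
}

int main(void)
{
	model_spa_t good = { 0 }, bad = { 1 };
	return (model_tryimport(&good) == 0 &&
	    model_tryimport(&bad) == EIO ? 0 : 1);
}
```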