I happened to discover this while working on the NVMe driver. I had added an assert to the end of the I/O path that the transferred size was equal to the request length, which originally tripped because I wasn't fulfilling all of requests. And then it started tripping after I had... until I added this assert at the top of the IO hook:
ASSERT(request->Buffer()->VecAt(0).length <= request->Length());
And, well, what do you know:
PANIC: ASSERT FAILED (../src/add-ons/kernel/drivers/disk/nvme/nvme_disk.cpp:661): request->Buffer()->VecAt(0).length <= request->Length()
Welcome to Kernel Debugging Land...
Thread 276 "launch_daemon" running on CPU 0
stack trace for thread 276 "launch_daemon"
kernel stack: 0xffffffff818ce000 to 0xffffffff818d3000
user stack: 0x00007f986d832000 to 0x00007f986e832000
frame caller <image>:function + offset
0 ffffffff818d1f98 (+ 24) ffffffff8014e44c <kernel_x86_64> arch_debug_call_with_fault_handler + 0x16
1 ffffffff818d1fb0 (+ 80) ffffffff800ad6d8 <kernel_x86_64> debug_call_with_fault_handler + 0x88
2 ffffffff818d2000 (+ 96) ffffffff800af061 <kernel_x86_64> kernel_debugger_loop(char const*, char const*, __va_list_tag*, int) + 0xf1
3 ffffffff818d2060 (+ 80) ffffffff800af35e <kernel_x86_64> kernel_debugger_internal(char const*, char const*, __va_list_tag*, int) + 0x6e
4 ffffffff818d20b0 (+ 240) ffffffff800af6c7 <kernel_x86_64> panic + 0xb7
5 ffffffff818d21a0 (+ 416) ffffffff81519ec1 <nvme_disk> nvme_disk_io(void*, IORequest*) + 0x8f1
6 ffffffff818d2340 (+ 80) ffffffff800cf475 <kernel_x86_64> devfs_io(fs_volume*, fs_vnode*, void*, IORequest*) + 0xb5
7 ffffffff818d2390 (+ 80) ffffffff8010f7d6 <kernel_x86_64> vfs_vnode_io + 0x36
8 ffffffff818d23e0 (+ 240) ffffffff8010fa62 <kernel_x86_64> do_iterative_fd_io_iterate(void*, IORequest*, bool*) + 0x232
9 ffffffff818d24d0 (+ 96) ffffffff8010fe52 <kernel_x86_64> do_iterative_fd_io + 0xe2
10 ffffffff818d2530 (+ 80) ffffffff8010f7d6 <kernel_x86_64> vfs_vnode_io + 0x36
11 ffffffff818d2580 (+ 368) ffffffff8010ffb6 <kernel_x86_64> vfs_read_pages + 0x96
12 ffffffff818d26f0 (+ 80) ffffffff80052ace <kernel_x86_64> file_cache_read + 0x8e
13 ffffffff818d2740 (+ 80) ffffffff800f17ba <kernel_x86_64> _kern_read + 0xba
14 ffffffff818d2790 (+ 32) ffffffff8016be9f <kernel_x86_64> pread + 0x1f
15 ffffffff818d27b0 (+ 16) ffffffff815a97f8 <packagefs> _ZN5BFdIO6ReadAtElPvm.localalias.6 + 0x18
16 ffffffff818d27c0 (+ 80) ffffffff8016ed13 <kernel_x86_64> BPositionIO::ReadAtExactly(long, void*, unsigned long, unsigned long*) + 0x53
17 ffffffff818d2810 (+ 64) ffffffff815a55dd <packagefs> _ZN11BPackageKit5BHPKG8BPrivate27PackageFileHeapAccessorBase12ReadFileDataEmPvm.localalias.0 + 0x2d
18 ffffffff818d2850 (+ 64) ffffffff815a5660 <packagefs> BPackageKit::BHPKG::BPrivate::PackageFileHeapAccessorBase::ReadAndDecompressChunkData(unsigned long, unsigned long, unsigned long, void*, void*) + 0x30
19 ffffffff818d2890 (+ 96) ffffffff815a504e <packagefs> _ZN11BPackageKit5BHPKG8BPrivate27PackageFileHeapAccessorBase16ReadDataToOutputElmP7BDataIO.localalias.4 + 0xde
20 ffffffff818d28f0 (+ 112) ffffffff81586777 <packagefs> _ZN16CachedDataReader14_ReadIntoPagesEPP7vm_pagemm.localalias.2 + 0x77
21 ffffffff818d2960 (+ 464) ffffffff81587664 <packagefs> _ZN16CachedDataReader14_ReadCacheLineElmlmP7BDataIO.localalias.6 + 0x654
22 ffffffff818d2b30 (+ 64) ffffffff81587a53 <packagefs> _ZN16CachedDataReader16ReadDataToOutputElmP7BDataIO.localalias.9 + 0x83
23 ffffffff818d2b70 (+ 112) ffffffff81591120 <packagefs> _ZN11PackageFile4ReadEP9IORequest.localalias.7 + 0xc0
24 ffffffff818d2be0 (+ 32) ffffffff81589776 <packagefs> packagefs_io(fs_volume*, fs_vnode*, void*, IORequest*) + 0x26
25 ffffffff818d2c00 (+ 80) ffffffff8010f7d6 <kernel_x86_64> vfs_vnode_io + 0x36
26 ffffffff818d2c50 (+ 32) ffffffff80052149 <kernel_x86_64> PrecacheIO::ReadAsync() + 0x29
27 ffffffff818d2c70 (+ 96) ffffffff8005234e <kernel_x86_64> cache_prefetch_vnode + 0x1fe
28 ffffffff818d2cd0 (+ 384) ffffffff8013456a <kernel_x86_64> _vm_map_file(int, char const*, void**, unsigned int, unsigned long, unsigned int, unsigned int, bool, int, long, bool) + 0x56a
29 ffffffff818d2e50 (+ 176) ffffffff80137aec <kernel_x86_64> _user_map_file + 0x10c
30 ffffffff818d2f00 (+ 48) ffffffff8014ffa4 <kernel_x86_64> x86_64_syscall_entry + 0xfe
user iframe at 0xffffffff818d2f30 (end = 0xffffffff818d2ff8)
rax 0xcc rbx 0x0 rcx 0x1a7e3c563e4
rdx 0x1 rsi 0x7f986e830358 rdi 0x7f986e830360
rbp 0x7f986e8303b0 r8 0x1003 r9 0x1
r10 0x1880000 r11 0x3206 r12 0x8ef4ecbc8
r13 0x7f986e830360 r14 0x0 r15 0x8ef4ecbc8
rip 0x1a7e3c563e4 rsp 0x7f986e8302f8 rflags 0x3206
vector: 0x63, error code: 0x0
31 ffffffff818d2f30 (+140294787290240) 000001a7e3c563e4 </boot/system/runtime_loader@0x000001a7e3c3e000> <unknown> + 0x183e4
32 00007f986e8303b0 (+5376) 000001a7e3c4bcb3 </boot/system/runtime_loader@0x000001a7e3c3e000> <unknown> + 0xdcb3
33 00007f986e8318b0 (+ 112) 000001a7e3c496a9 </boot/system/runtime_loader@0x000001a7e3c3e000> <unknown> + 0xb6a9
34 00007f986e831920 (+ 128) 000001a7e3c49b3a </boot/system/runtime_loader@0x000001a7e3c3e000> <unknown> + 0xbb3a
35 00007f986e8319a0 (+ 48) 000001a7e3c52463 </boot/system/runtime_loader@0x000001a7e3c3e000> <unknown> + 0x14463
36 00007f986e8319d0 (+ 0) 00007f645921b260 <commpage> commpage_thread_exit + 0x00
kdebug> io_request 0xffffffff82021a00
io_request at 0xffffffff82021a00
owner: 0x0000000000000000
parent: 0xffffffff818d25a0
status: No Error (1)
mutex: 0xffffffff82021a38
IOBuffer: 0xffffffff8206ae40
offset: 201245565
length: 38019
transfer size: 0
relative offset: 0
pending children: 0
flags: 0x0
team: 276
thread: 276
r/w: read
partial transfer: no
finished cvar: 0xffffffff82021ad0
iteration:
vec index: 0
vec offset: 0
remaining bytes: 38019
callbacks:
finished 0x0000000000000000, cookie 0x0000000000000000
iteration 0x0000000000000000, cookie 0x0000000000000000
children:
kdebug> io_
io_buffer io_context io_operation io_request
io_request_owner io_scheduler
kdebug> io_buffer 0xffffffff8206ae40
IOBuffer at 0xffffffff8206ae40
origin: kernel
kind: virtual
length: 38019
capacity: 1
vecs: 1
[0] 0xffffffff80860000, 53526
kdebug>
Posted https://review.haiku-os.org/c/haiku/+/2523 which will catch this at a higher level, in IORequest itself.