diff mbox series

mm/vmscan: don't scan adjust too much if current is not kswapd

Message ID 20220914023318.549118-1-zhanghongchen@loongson.cn (mailing list archive)
State Superseded
Headers show
Series mm/vmscan: don't scan adjust too much if current is not kswapd | expand

Commit Message

Hongchen Zhang Sept. 14, 2022, 2:33 a.m. UTC 
when a process falls into page fault and there is not enough free
memory,it will do direct reclaim. At the same time,it is holding
mmap_lock.So in case of multi-thread,it should exit from page fault
ASAP.
When reclaim memory,we do scan adjust between anon and file lru which
may cost too much time and trigger hung task for other thread.So for a
process which is not kswapd,it should just do a little scan adjust.

Signed-off-by: Hongchen Zhang <zhanghongchen@loongson.cn>
---
 mm/vmscan.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Andrew Morton Sept. 14, 2022, 10:51 p.m. UTC | #1 
On Wed, 14 Sep 2022 10:33:18 +0800 Hongchen Zhang <zhanghongchen@loongson.cn> wrote:

> when a process falls into page fault and there is not enough free
> memory,it will do direct reclaim. At the same time,it is holding
> mmap_lock.So in case of multi-thread,it should exit from page fault
> ASAP.
> When reclaim memory,we do scan adjust between anon and file lru which
> may cost too much time and trigger hung task for other thread.So for a
> process which is not kswapd,it should just do a little scan adjust.

Well, that's a pretty nasty bug.  Before diving into a possible fix,
can you please tell us more about how this happens?  What sort of
machine, what sort of workload.  Can you suggest why others are not
experiencing this?

> --- a/mm/vmscan.c
> +++ b/mm/vmscan.c
> @@ -3042,11 +3042,17 @@ static void shrink_lruvec(struct lruvec *lruvec, struct scan_control *sc)
>  		nr[lru] = targets[lru] * (100 - percentage) / 100;
>  		nr[lru] -= min(nr[lru], nr_scanned);
>  
> +		if (!current_is_kswapd())
> +			nr[lru] = min(nr[lru], nr_to_reclaim);
> +
>  		lru += LRU_ACTIVE;
>  		nr_scanned = targets[lru] - nr[lru];
>  		nr[lru] = targets[lru] * (100 - percentage) / 100;
>  		nr[lru] -= min(nr[lru], nr_scanned);
>  
> +		if (!current_is_kswapd())
> +			nr[lru] = min(nr[lru], nr_to_reclaim);
> +
>  		scan_adjusted = true;
>  	}
>  	blk_finish_plug(&plug);

It would be better if these additions had code comments explaining why
they're there.  But let's more fully understand the problem before
altering your patch.
Matthew Wilcox Sept. 14, 2022, 11:02 p.m. UTC | #2 
On Wed, Sep 14, 2022 at 03:51:42PM -0700, Andrew Morton wrote:
> On Wed, 14 Sep 2022 10:33:18 +0800 Hongchen Zhang <zhanghongchen@loongson.cn> wrote:
> 
> > when a process falls into page fault and there is not enough free
> > memory,it will do direct reclaim. At the same time,it is holding
> > mmap_lock.So in case of multi-thread,it should exit from page fault
> > ASAP.
> > When reclaim memory,we do scan adjust between anon and file lru which
> > may cost too much time and trigger hung task for other thread.So for a
> > process which is not kswapd,it should just do a little scan adjust.
> 
> Well, that's a pretty nasty bug.  Before diving into a possible fix,
> can you please tell us more about how this happens?  What sort of
> machine, what sort of workload.  Can you suggest why others are not
> experiencing this?

One thing I'd like to know is whether the page fault is for an anonymous or
file-backed page.  We already drop the mmap_lock for doing file I/O
(or we should ...) and maybe we also need to drop the mmap_lock for
doing direct reclaim?
Hongchen Zhang Sept. 15, 2022, 1:19 a.m. UTC | #3 
Hi Andrew,

On 2022/9/15 am 6:51, Andrew Morton wrote:
> On Wed, 14 Sep 2022 10:33:18 +0800 Hongchen Zhang <zhanghongchen@loongson.cn> wrote:
> 
>> when a process falls into page fault and there is not enough free
>> memory,it will do direct reclaim. At the same time,it is holding
>> mmap_lock.So in case of multi-thread,it should exit from page fault
>> ASAP.
>> When reclaim memory,we do scan adjust between anon and file lru which
>> may cost too much time and trigger hung task for other thread.So for a
>> process which is not kswapd,it should just do a little scan adjust.
> 
> Well, that's a pretty nasty bug.  Before diving into a possible fix,
> can you please tell us more about how this happens?  What sort of
> machine, what sort of workload.  Can you suggest why others are not
> experiencing this?
>We got a hung task panic originally by doing ltpstress on a Loongarch 
3A5000+71000 machine.Then, we found the same problem on a X86 machine as 
following:
[ 3748.453561] INFO: task float_bessel:77920 blocked for more than 120 
seconds.
[ 3748.460839]       Not tainted 5.15.0-46-generic #49-Ubuntu
[ 3748.466490] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" 
disables this message.
[ 3748.474618] task:float_bessel    state:D stack:    0 pid:77920 ppid: 
77327 flags:0x00004002
[ 3748.483358] Call Trace:
[ 3748.485964]  <TASK>
[ 3748.488150]  __schedule+0x23d/0x590
[ 3748.491804]  schedule+0x4e/0xc0
[ 3748.495038]  rwsem_down_read_slowpath+0x336/0x390
[ 3748.499886]  ? copy_user_enhanced_fast_string+0xe/0x40
[ 3748.505181]  down_read+0x43/0xa0
[ 3748.508518]  do_user_addr_fault+0x41c/0x670
[ 3748.512799]  exc_page_fault+0x77/0x170
[ 3748.516673]  asm_exc_page_fault+0x26/0x30
[ 3748.520824] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x40
[ 3748.526764] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 
0f 01 ca c3 cc cc cc cc 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 
d1 <f3> a4 31 c0 0f 01 ca c3 cc cc cc cc 66 08
[ 3748.546120] RSP: 0018:ffffaa9248fffb90 EFLAGS: 00050206
[ 3748.551495] RAX: 00007f99faa1a010 RBX: ffffaa9248fffd88 RCX: 
0000000000000010
[ 3748.558828] RDX: 0000000000001000 RSI: ffff9db397ab8ff0 RDI: 
00007f99faa1a000
[ 3748.566160] RBP: ffffaa9248fffbf0 R08: ffffcc2fc2965d80 R09: 
0000000000000014
[ 3748.573492] R10: 0000000000000000 R11: 0000000000000014 R12: 
0000000000001000
[ 3748.580858] R13: 0000000000001000 R14: 0000000000000000 R15: 
ffffaa9248fffd98
[ 3748.588196]  ? copy_page_to_iter+0x10e/0x400
[ 3748.592614]  filemap_read+0x174/0x3e0
[ 3748.596354]  ? ima_file_check+0x6a/0xa0
[ 3748.600301]  generic_file_read_iter+0xe5/0x150
[ 3748.604884]  ext4_file_read_iter+0x5b/0x190
[ 3748.609164]  ? aa_file_perm+0x102/0x250
[ 3748.613125]  new_sync_read+0x10d/0x1a0
[ 3748.617009]  vfs_read+0x103/0x1a0
[ 3748.620423]  ksys_read+0x67/0xf0
[ 3748.623743]  __x64_sys_read+0x19/0x20
[ 3748.627511]  do_syscall_64+0x59/0xc0
[ 3748.631203]  ? syscall_exit_to_user_mode+0x27/0x50
[ 3748.636144]  ? do_syscall_64+0x69/0xc0
[ 3748.639992]  ? exit_to_user_mode_prepare+0x96/0xb0
[ 3748.644931]  ? irqentry_exit_to_user_mode+0x9/0x20
[ 3748.649872]  ? irqentry_exit+0x1d/0x30
[ 3748.653737]  ? exc_page_fault+0x89/0x170
[ 3748.657795]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 3748.663030] RIP: 0033:0x7f9a852989cc
[ 3748.666713] RSP: 002b:00007f9a8497dc90 EFLAGS: 00000246 ORIG_RAX: 
0000000000000000
[ 3748.674487] RAX: ffffffffffffffda RBX: 00007f9a8497f5c0 RCX: 
00007f9a852989cc
[ 3748.681817] RDX: 0000000000027100 RSI: 00007f99faa18010 RDI: 
0000000000000061
[ 3748.689150] RBP: 00007f9a8497dd60 R08: 0000000000000000 R09: 
00007f99faa18010
[ 3748.696493] R10: 0000000000000000 R11: 0000000000000246 R12: 
00007f99faa18010
[ 3748.703841] R13: 00005605e11c406f R14: 0000000000000001 R15: 
0000000000027100
[ 3748.711199]  </TASK>
...
...
[ 3750.943278] Kernel panic - not syncing: hung_task: blocked tasks
[ 3750.949399] CPU: 1 PID: 39 Comm: khungtaskd Not tainted 
5.15.0-46-generic #49-Ubuntu
[ 3750.957305] Hardware name: LENOVO 90DWCTO1WW/30D9, BIOS M05KT70A 
03/09/2017
[ 3750.964410] Call Trace:
[ 3750.966897]  <TASK>
[ 3750.969031]  show_stack+0x52/0x5c
[ 3750.972409]  dump_stack_lvl+0x4a/0x63
[ 3750.976129]  dump_stack+0x10/0x16
[ 3750.979491]  panic+0x149/0x321
[ 3750.982612]  check_hung_uninterruptible_tasks.cold+0x34/0x48
[ 3750.988383]  watchdog+0xad/0xb0
[ 3750.991562]  ? check_hung_uninterruptible_tasks+0x300/0x300
[ 3750.997285]  kthread+0x127/0x150
[ 3751.000587]  ? set_kthread_struct+0x50/0x50
[ 3751.004878]  ret_from_fork+0x1f/0x30
[ 3751.008527]  </TASK>
[ 3751.010794] Kernel Offset: 0x34600000 from 0xffffffff81000000 
(relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 3751.034481] ---[ end Kernel panic - not syncing: hung_task: blocked 
tasks ]---
The difference with normal ltpstress test is we use a very large swap 
partition,so the swap pressure is bigger than normal,and this problem 
becomes more likely to occur.

>> --- a/mm/vmscan.c
>> +++ b/mm/vmscan.c
>> @@ -3042,11 +3042,17 @@ static void shrink_lruvec(struct lruvec *lruvec, struct scan_control *sc)
>>   		nr[lru] = targets[lru] * (100 - percentage) / 100;
>>   		nr[lru] -= min(nr[lru], nr_scanned);
>>   
>> +		if (!current_is_kswapd())
>> +			nr[lru] = min(nr[lru], nr_to_reclaim);
>> +
>>   		lru += LRU_ACTIVE;
>>   		nr_scanned = targets[lru] - nr[lru];
>>   		nr[lru] = targets[lru] * (100 - percentage) / 100;
>>   		nr[lru] -= min(nr[lru], nr_scanned);
>>   
>> +		if (!current_is_kswapd())
>> +			nr[lru] = min(nr[lru], nr_to_reclaim);
>> +
>>   		scan_adjusted = true;
>>   	}
>>   	blk_finish_plug(&plug);
> 
> It would be better if these additions had code comments explaining why
> they're there.  But let's more fully understand the problem before
> altering your patch.
Thanks,
Hongchen Zhang
Matthew Wilcox Sept. 15, 2022, 7:28 a.m. UTC | #4 
On Thu, Sep 15, 2022 at 09:19:48AM +0800, Hongchen Zhang wrote:
> [ 3748.453561] INFO: task float_bessel:77920 blocked for more than 120
> seconds.
> [ 3748.460839]       Not tainted 5.15.0-46-generic #49-Ubuntu
> [ 3748.466490] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables
> this message.
> [ 3748.474618] task:float_bessel    state:D stack:    0 pid:77920 ppid:
> 77327 flags:0x00004002
> [ 3748.483358] Call Trace:
> [ 3748.485964]  <TASK>
> [ 3748.488150]  __schedule+0x23d/0x590
> [ 3748.491804]  schedule+0x4e/0xc0
> [ 3748.495038]  rwsem_down_read_slowpath+0x336/0x390
> [ 3748.499886]  ? copy_user_enhanced_fast_string+0xe/0x40
> [ 3748.505181]  down_read+0x43/0xa0
> [ 3748.508518]  do_user_addr_fault+0x41c/0x670
> [ 3748.512799]  exc_page_fault+0x77/0x170
> [ 3748.516673]  asm_exc_page_fault+0x26/0x30
> [ 3748.520824] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x40
> [ 3748.526764] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f
> 01 ca c3 cc cc cc cc 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3>
> a4 31 c0 0f 01 ca c3 cc cc cc cc 66 08
> [ 3748.546120] RSP: 0018:ffffaa9248fffb90 EFLAGS: 00050206
> [ 3748.551495] RAX: 00007f99faa1a010 RBX: ffffaa9248fffd88 RCX:
> 0000000000000010
> [ 3748.558828] RDX: 0000000000001000 RSI: ffff9db397ab8ff0 RDI:
> 00007f99faa1a000
> [ 3748.566160] RBP: ffffaa9248fffbf0 R08: ffffcc2fc2965d80 R09:
> 0000000000000014
> [ 3748.573492] R10: 0000000000000000 R11: 0000000000000014 R12:
> 0000000000001000
> [ 3748.580858] R13: 0000000000001000 R14: 0000000000000000 R15:
> ffffaa9248fffd98
> [ 3748.588196]  ? copy_page_to_iter+0x10e/0x400
> [ 3748.592614]  filemap_read+0x174/0x3e0

Interesting; it wasn't the process itself which triggered the page
fault; the process called read() and the kernel took the page fault to
satisfy the read() call.

> [ 3748.596354]  ? ima_file_check+0x6a/0xa0
> [ 3748.600301]  generic_file_read_iter+0xe5/0x150
> [ 3748.604884]  ext4_file_read_iter+0x5b/0x190
> [ 3748.609164]  ? aa_file_perm+0x102/0x250
> [ 3748.613125]  new_sync_read+0x10d/0x1a0
> [ 3748.617009]  vfs_read+0x103/0x1a0
> [ 3748.620423]  ksys_read+0x67/0xf0
> [ 3748.623743]  __x64_sys_read+0x19/0x20
> [ 3748.627511]  do_syscall_64+0x59/0xc0
> [ 3748.631203]  ? syscall_exit_to_user_mode+0x27/0x50
> [ 3748.636144]  ? do_syscall_64+0x69/0xc0
> [ 3748.639992]  ? exit_to_user_mode_prepare+0x96/0xb0
> [ 3748.644931]  ? irqentry_exit_to_user_mode+0x9/0x20
> [ 3748.649872]  ? irqentry_exit+0x1d/0x30
> [ 3748.653737]  ? exc_page_fault+0x89/0x170
> [ 3748.657795]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
> [ 3748.663030] RIP: 0033:0x7f9a852989cc
> [ 3748.666713] RSP: 002b:00007f9a8497dc90 EFLAGS: 00000246 ORIG_RAX:
> 0000000000000000
> [ 3748.674487] RAX: ffffffffffffffda RBX: 00007f9a8497f5c0 RCX:
> 00007f9a852989cc
> [ 3748.681817] RDX: 0000000000027100 RSI: 00007f99faa18010 RDI:
> 0000000000000061
> [ 3748.689150] RBP: 00007f9a8497dd60 R08: 0000000000000000 R09:
> 00007f99faa18010
> [ 3748.696493] R10: 0000000000000000 R11: 0000000000000246 R12:
> 00007f99faa18010
> [ 3748.703841] R13: 00005605e11c406f R14: 0000000000000001 R15:
> 0000000000027100

ORIG_RAX is 0, which matches sys_read.
RDI is file descriptor 0x61
RSI is plausibly a userspace pointer, 0x7f99faa18010
RDX is the length, 0x27100 or 160kB.

That all seems reasonable.

What I really want to know is who is _holding_ the lock.  We stash
a pointer to the task_struct in 'owner', so we could clearly find this
out in the 'blocked for too long' report, and print their stack trace.

You must have done something like this already in order to deduce that
it was the direct reclaim path that was the problem?
Hongchen Zhang Sept. 15, 2022, 8:02 a.m. UTC | #5 
Hi Matthew,
On 2022/9/15 pm 3:28, Matthew Wilcox wrote:
> On Thu, Sep 15, 2022 at 09:19:48AM +0800, Hongchen Zhang wrote:
>> [ 3748.453561] INFO: task float_bessel:77920 blocked for more than 120
>> seconds.
>> [ 3748.460839]       Not tainted 5.15.0-46-generic #49-Ubuntu
>> [ 3748.466490] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables
>> this message.
>> [ 3748.474618] task:float_bessel    state:D stack:    0 pid:77920 ppid:
>> 77327 flags:0x00004002
>> [ 3748.483358] Call Trace:
>> [ 3748.485964]  <TASK>
>> [ 3748.488150]  __schedule+0x23d/0x590
>> [ 3748.491804]  schedule+0x4e/0xc0
>> [ 3748.495038]  rwsem_down_read_slowpath+0x336/0x390
>> [ 3748.499886]  ? copy_user_enhanced_fast_string+0xe/0x40
>> [ 3748.505181]  down_read+0x43/0xa0
>> [ 3748.508518]  do_user_addr_fault+0x41c/0x670
>> [ 3748.512799]  exc_page_fault+0x77/0x170
>> [ 3748.516673]  asm_exc_page_fault+0x26/0x30
>> [ 3748.520824] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x40
>> [ 3748.526764] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f
>> 01 ca c3 cc cc cc cc 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3>
>> a4 31 c0 0f 01 ca c3 cc cc cc cc 66 08
>> [ 3748.546120] RSP: 0018:ffffaa9248fffb90 EFLAGS: 00050206
>> [ 3748.551495] RAX: 00007f99faa1a010 RBX: ffffaa9248fffd88 RCX:
>> 0000000000000010
>> [ 3748.558828] RDX: 0000000000001000 RSI: ffff9db397ab8ff0 RDI:
>> 00007f99faa1a000
>> [ 3748.566160] RBP: ffffaa9248fffbf0 R08: ffffcc2fc2965d80 R09:
>> 0000000000000014
>> [ 3748.573492] R10: 0000000000000000 R11: 0000000000000014 R12:
>> 0000000000001000
>> [ 3748.580858] R13: 0000000000001000 R14: 0000000000000000 R15:
>> ffffaa9248fffd98
>> [ 3748.588196]  ? copy_page_to_iter+0x10e/0x400
>> [ 3748.592614]  filemap_read+0x174/0x3e0
> 
> Interesting; it wasn't the process itself which triggered the page
> fault; the process called read() and the kernel took the page fault to
> satisfy the read() call.
> 
>> [ 3748.596354]  ? ima_file_check+0x6a/0xa0
>> [ 3748.600301]  generic_file_read_iter+0xe5/0x150
>> [ 3748.604884]  ext4_file_read_iter+0x5b/0x190
>> [ 3748.609164]  ? aa_file_perm+0x102/0x250
>> [ 3748.613125]  new_sync_read+0x10d/0x1a0
>> [ 3748.617009]  vfs_read+0x103/0x1a0
>> [ 3748.620423]  ksys_read+0x67/0xf0
>> [ 3748.623743]  __x64_sys_read+0x19/0x20
>> [ 3748.627511]  do_syscall_64+0x59/0xc0
>> [ 3748.631203]  ? syscall_exit_to_user_mode+0x27/0x50
>> [ 3748.636144]  ? do_syscall_64+0x69/0xc0
>> [ 3748.639992]  ? exit_to_user_mode_prepare+0x96/0xb0
>> [ 3748.644931]  ? irqentry_exit_to_user_mode+0x9/0x20
>> [ 3748.649872]  ? irqentry_exit+0x1d/0x30
>> [ 3748.653737]  ? exc_page_fault+0x89/0x170
>> [ 3748.657795]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
>> [ 3748.663030] RIP: 0033:0x7f9a852989cc
>> [ 3748.666713] RSP: 002b:00007f9a8497dc90 EFLAGS: 00000246 ORIG_RAX:
>> 0000000000000000
>> [ 3748.674487] RAX: ffffffffffffffda RBX: 00007f9a8497f5c0 RCX:
>> 00007f9a852989cc
>> [ 3748.681817] RDX: 0000000000027100 RSI: 00007f99faa18010 RDI:
>> 0000000000000061
>> [ 3748.689150] RBP: 00007f9a8497dd60 R08: 0000000000000000 R09:
>> 00007f99faa18010
>> [ 3748.696493] R10: 0000000000000000 R11: 0000000000000246 R12:
>> 00007f99faa18010
>> [ 3748.703841] R13: 00005605e11c406f R14: 0000000000000001 R15:
>> 0000000000027100
> 
> ORIG_RAX is 0, which matches sys_read.
> RDI is file descriptor 0x61
> RSI is plausibly a userspace pointer, 0x7f99faa18010
> RDX is the length, 0x27100 or 160kB.
> 
> That all seems reasonable.
> 
> What I really want to know is who is _holding_ the lock.  We stash
> a pointer to the task_struct in 'owner', so we could clearly find this
> out in the 'blocked for too long' report, and print their stack trace.
> 
As described in the comment for __rwsem_set_reader_owned,it is hard to 
track read owners.So we could not clearly find out who blocked the 
process,it was caused by multiple tasks.
> You must have done something like this already in order to deduce that
> it was the direct reclaim path that was the problem?
> 
The method we used is to track the direct reclaim using the 
trace_mm_vmscan_direct_reclaim_{begin,end} interface.When the problem 
occurred,we could get a very large "nr_reclaimed" which is not a 
desirable value for process except kswapd.

Thanks
Hongchen Zhang
Matthew Wilcox Sept. 15, 2022, 9 a.m. UTC | #6 
On Thu, Sep 15, 2022 at 04:02:41PM +0800, Hongchen Zhang wrote:
> Hi Matthew,
> On 2022/9/15 pm 3:28, Matthew Wilcox wrote:
> > On Thu, Sep 15, 2022 at 09:19:48AM +0800, Hongchen Zhang wrote:
> > > [ 3748.453561] INFO: task float_bessel:77920 blocked for more than 120
> > > seconds.
> > > [ 3748.460839]       Not tainted 5.15.0-46-generic #49-Ubuntu
> > > [ 3748.466490] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables
> > > this message.
> > > [ 3748.474618] task:float_bessel    state:D stack:    0 pid:77920 ppid:
> > > 77327 flags:0x00004002
> > > [ 3748.483358] Call Trace:
> > > [ 3748.485964]  <TASK>
> > > [ 3748.488150]  __schedule+0x23d/0x590
> > > [ 3748.491804]  schedule+0x4e/0xc0
> > > [ 3748.495038]  rwsem_down_read_slowpath+0x336/0x390
> > > [ 3748.499886]  ? copy_user_enhanced_fast_string+0xe/0x40
> > > [ 3748.505181]  down_read+0x43/0xa0
> > > [ 3748.508518]  do_user_addr_fault+0x41c/0x670
> > > [ 3748.512799]  exc_page_fault+0x77/0x170
> > > [ 3748.516673]  asm_exc_page_fault+0x26/0x30
> > > [ 3748.520824] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x40
> > > [ 3748.526764] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f
> > > 01 ca c3 cc cc cc cc 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3>
> > > a4 31 c0 0f 01 ca c3 cc cc cc cc 66 08
> > > [ 3748.546120] RSP: 0018:ffffaa9248fffb90 EFLAGS: 00050206
> > > [ 3748.551495] RAX: 00007f99faa1a010 RBX: ffffaa9248fffd88 RCX:
> > > 0000000000000010
> > > [ 3748.558828] RDX: 0000000000001000 RSI: ffff9db397ab8ff0 RDI:
> > > 00007f99faa1a000
> > > [ 3748.566160] RBP: ffffaa9248fffbf0 R08: ffffcc2fc2965d80 R09:
> > > 0000000000000014
> > > [ 3748.573492] R10: 0000000000000000 R11: 0000000000000014 R12:
> > > 0000000000001000
> > > [ 3748.580858] R13: 0000000000001000 R14: 0000000000000000 R15:
> > > ffffaa9248fffd98
> > > [ 3748.588196]  ? copy_page_to_iter+0x10e/0x400
> > > [ 3748.592614]  filemap_read+0x174/0x3e0
> > 
> > Interesting; it wasn't the process itself which triggered the page
> > fault; the process called read() and the kernel took the page fault to
> > satisfy the read() call.
> > 
> > > [ 3748.596354]  ? ima_file_check+0x6a/0xa0
> > > [ 3748.600301]  generic_file_read_iter+0xe5/0x150
> > > [ 3748.604884]  ext4_file_read_iter+0x5b/0x190
> > > [ 3748.609164]  ? aa_file_perm+0x102/0x250
> > > [ 3748.613125]  new_sync_read+0x10d/0x1a0
> > > [ 3748.617009]  vfs_read+0x103/0x1a0
> > > [ 3748.620423]  ksys_read+0x67/0xf0
> > > [ 3748.623743]  __x64_sys_read+0x19/0x20
> > > [ 3748.627511]  do_syscall_64+0x59/0xc0
> > > [ 3748.631203]  ? syscall_exit_to_user_mode+0x27/0x50
> > > [ 3748.636144]  ? do_syscall_64+0x69/0xc0
> > > [ 3748.639992]  ? exit_to_user_mode_prepare+0x96/0xb0
> > > [ 3748.644931]  ? irqentry_exit_to_user_mode+0x9/0x20
> > > [ 3748.649872]  ? irqentry_exit+0x1d/0x30
> > > [ 3748.653737]  ? exc_page_fault+0x89/0x170
> > > [ 3748.657795]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
> > > [ 3748.663030] RIP: 0033:0x7f9a852989cc
> > > [ 3748.666713] RSP: 002b:00007f9a8497dc90 EFLAGS: 00000246 ORIG_RAX:
> > > 0000000000000000
> > > [ 3748.674487] RAX: ffffffffffffffda RBX: 00007f9a8497f5c0 RCX:
> > > 00007f9a852989cc
> > > [ 3748.681817] RDX: 0000000000027100 RSI: 00007f99faa18010 RDI:
> > > 0000000000000061
> > > [ 3748.689150] RBP: 00007f9a8497dd60 R08: 0000000000000000 R09:
> > > 00007f99faa18010
> > > [ 3748.696493] R10: 0000000000000000 R11: 0000000000000246 R12:
> > > 00007f99faa18010
> > > [ 3748.703841] R13: 00005605e11c406f R14: 0000000000000001 R15:
> > > 0000000000027100
> > 
> > ORIG_RAX is 0, which matches sys_read.
> > RDI is file descriptor 0x61
> > RSI is plausibly a userspace pointer, 0x7f99faa18010
> > RDX is the length, 0x27100 or 160kB.
> > 
> > That all seems reasonable.
> > 
> > What I really want to know is who is _holding_ the lock.  We stash
> > a pointer to the task_struct in 'owner', so we could clearly find this
> > out in the 'blocked for too long' report, and print their stack trace.
> > 
> As described in the comment for __rwsem_set_reader_owned,it is hard to track
> read owners.So we could not clearly find out who blocked the process,it was
> caused by multiple tasks.

Readers don't block readers.  You have a reader here, so it's being
blocked by a writer.  And that writer's task_struct is stashed in
rwsem->owner.  It would be nice if we dumped that information
automatically ... but we don't do that today.  Perhaps you could
grab that information from a crash dump if you have one.

> > You must have done something like this already in order to deduce that
> > it was the direct reclaim path that was the problem?
> > 
> The method we used is to track the direct reclaim using the
> trace_mm_vmscan_direct_reclaim_{begin,end} interface.When the problem
> occurred,we could get a very large "nr_reclaimed" which is not a desirable
> value for process except kswapd.

I disagree.  If a process needs to allocate memory then it should be
paying the cost of reclaiming that memory itself.  kswapd is a last
resort to reclaim memory when we have a workload (eg a network router)
that does its memory allocation primarily in interrupt context.
Hongchen Zhang Sept. 15, 2022, 9:30 a.m. UTC | #7 
Hi Matthew,

On 2022/9/15 am 5:00, Matthew Wilcox wrote:
> On Thu, Sep 15, 2022 at 04:02:41PM +0800, Hongchen Zhang wrote:
>> Hi Matthew,
>> On 2022/9/15 pm 3:28, Matthew Wilcox wrote:
>>> On Thu, Sep 15, 2022 at 09:19:48AM +0800, Hongchen Zhang wrote:
>>>> [ 3748.453561] INFO: task float_bessel:77920 blocked for more than 120
>>>> seconds.
>>>> [ 3748.460839]       Not tainted 5.15.0-46-generic #49-Ubuntu
>>>> [ 3748.466490] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables
>>>> this message.
>>>> [ 3748.474618] task:float_bessel    state:D stack:    0 pid:77920 ppid:
>>>> 77327 flags:0x00004002
>>>> [ 3748.483358] Call Trace:
>>>> [ 3748.485964]  <TASK>
>>>> [ 3748.488150]  __schedule+0x23d/0x590
>>>> [ 3748.491804]  schedule+0x4e/0xc0
>>>> [ 3748.495038]  rwsem_down_read_slowpath+0x336/0x390
>>>> [ 3748.499886]  ? copy_user_enhanced_fast_string+0xe/0x40
>>>> [ 3748.505181]  down_read+0x43/0xa0
>>>> [ 3748.508518]  do_user_addr_fault+0x41c/0x670
>>>> [ 3748.512799]  exc_page_fault+0x77/0x170
>>>> [ 3748.516673]  asm_exc_page_fault+0x26/0x30
>>>> [ 3748.520824] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x40
>>>> [ 3748.526764] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f
>>>> 01 ca c3 cc cc cc cc 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3>
>>>> a4 31 c0 0f 01 ca c3 cc cc cc cc 66 08
>>>> [ 3748.546120] RSP: 0018:ffffaa9248fffb90 EFLAGS: 00050206
>>>> [ 3748.551495] RAX: 00007f99faa1a010 RBX: ffffaa9248fffd88 RCX:
>>>> 0000000000000010
>>>> [ 3748.558828] RDX: 0000000000001000 RSI: ffff9db397ab8ff0 RDI:
>>>> 00007f99faa1a000
>>>> [ 3748.566160] RBP: ffffaa9248fffbf0 R08: ffffcc2fc2965d80 R09:
>>>> 0000000000000014
>>>> [ 3748.573492] R10: 0000000000000000 R11: 0000000000000014 R12:
>>>> 0000000000001000
>>>> [ 3748.580858] R13: 0000000000001000 R14: 0000000000000000 R15:
>>>> ffffaa9248fffd98
>>>> [ 3748.588196]  ? copy_page_to_iter+0x10e/0x400
>>>> [ 3748.592614]  filemap_read+0x174/0x3e0
>>>
>>> Interesting; it wasn't the process itself which triggered the page
>>> fault; the process called read() and the kernel took the page fault to
>>> satisfy the read() call.
>>>
>>>> [ 3748.596354]  ? ima_file_check+0x6a/0xa0
>>>> [ 3748.600301]  generic_file_read_iter+0xe5/0x150
>>>> [ 3748.604884]  ext4_file_read_iter+0x5b/0x190
>>>> [ 3748.609164]  ? aa_file_perm+0x102/0x250
>>>> [ 3748.613125]  new_sync_read+0x10d/0x1a0
>>>> [ 3748.617009]  vfs_read+0x103/0x1a0
>>>> [ 3748.620423]  ksys_read+0x67/0xf0
>>>> [ 3748.623743]  __x64_sys_read+0x19/0x20
>>>> [ 3748.627511]  do_syscall_64+0x59/0xc0
>>>> [ 3748.631203]  ? syscall_exit_to_user_mode+0x27/0x50
>>>> [ 3748.636144]  ? do_syscall_64+0x69/0xc0
>>>> [ 3748.639992]  ? exit_to_user_mode_prepare+0x96/0xb0
>>>> [ 3748.644931]  ? irqentry_exit_to_user_mode+0x9/0x20
>>>> [ 3748.649872]  ? irqentry_exit+0x1d/0x30
>>>> [ 3748.653737]  ? exc_page_fault+0x89/0x170
>>>> [ 3748.657795]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
>>>> [ 3748.663030] RIP: 0033:0x7f9a852989cc
>>>> [ 3748.666713] RSP: 002b:00007f9a8497dc90 EFLAGS: 00000246 ORIG_RAX:
>>>> 0000000000000000
>>>> [ 3748.674487] RAX: ffffffffffffffda RBX: 00007f9a8497f5c0 RCX:
>>>> 00007f9a852989cc
>>>> [ 3748.681817] RDX: 0000000000027100 RSI: 00007f99faa18010 RDI:
>>>> 0000000000000061
>>>> [ 3748.689150] RBP: 00007f9a8497dd60 R08: 0000000000000000 R09:
>>>> 00007f99faa18010
>>>> [ 3748.696493] R10: 0000000000000000 R11: 0000000000000246 R12:
>>>> 00007f99faa18010
>>>> [ 3748.703841] R13: 00005605e11c406f R14: 0000000000000001 R15:
>>>> 0000000000027100
>>>
>>> ORIG_RAX is 0, which matches sys_read.
>>> RDI is file descriptor 0x61
>>> RSI is plausibly a userspace pointer, 0x7f99faa18010
>>> RDX is the length, 0x27100 or 160kB.
>>>
>>> That all seems reasonable.
>>>
>>> What I really want to know is who is _holding_ the lock.  We stash
>>> a pointer to the task_struct in 'owner', so we could clearly find this
>>> out in the 'blocked for too long' report, and print their stack trace.
>>>
>> As described in the comment for __rwsem_set_reader_owned,it is hard to track
>> read owners.So we could not clearly find out who blocked the process,it was
>> caused by multiple tasks.
> 
> Readers don't block readers.  You have a reader here, so it's being
> blocked by a writer.  And that writer's task_struct is stashed in
> rwsem->owner.  It would be nice if we dumped that information
> automatically ... but we don't do that today.  Perhaps you could
> grab that information from a crash dump if you have one.
> 
>>> You must have done something like this already in order to deduce that
>>> it was the direct reclaim path that was the problem?
>>>
>> The method we used is to track the direct reclaim using the
>> trace_mm_vmscan_direct_reclaim_{begin,end} interface.When the problem
>> occurred,we could get a very large "nr_reclaimed" which is not a desirable
>> value for process except kswapd.
> 
> I disagree.  If a process needs to allocate memory then it should be
> paying the cost of reclaiming that memory itself.  kswapd is a last
> resort to reclaim memory when we have a workload (eg a network router)
> that does its memory allocation primarily in interrupt context.
> 
Yes,the process would reclaim required memory itself.But it should not 
do scan adjust too much,scan adjust is not its primary work.The scan 
adjust should be done by kswapd.

Thanks
Hongchen Zhang
Feng Tang Sept. 15, 2022, 1:38 p.m. UTC | #8 
Hi Hongchen,

On Thu, Sep 15, 2022 at 04:02:41PM +0800, Hongchen Zhang wrote:
> Hi Matthew,
> On 2022/9/15 pm 3:28, Matthew Wilcox wrote:
> > On Thu, Sep 15, 2022 at 09:19:48AM +0800, Hongchen Zhang wrote:
> >> [ 3748.453561] INFO: task float_bessel:77920 blocked for more than 120
> >> seconds.
> >> [ 3748.460839]       Not tainted 5.15.0-46-generic #49-Ubuntu
> >> [ 3748.466490] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables
> >> this message.
> >> [ 3748.474618] task:float_bessel    state:D stack:    0 pid:77920 ppid:
> >> 77327 flags:0x00004002
> >> [ 3748.483358] Call Trace:
> >> [ 3748.485964]  <TASK>
> >> [ 3748.488150]  __schedule+0x23d/0x590
> >> [ 3748.491804]  schedule+0x4e/0xc0
> >> [ 3748.495038]  rwsem_down_read_slowpath+0x336/0x390
> >> [ 3748.499886]  ? copy_user_enhanced_fast_string+0xe/0x40
> >> [ 3748.505181]  down_read+0x43/0xa0
> >> [ 3748.508518]  do_user_addr_fault+0x41c/0x670
> >> [ 3748.512799]  exc_page_fault+0x77/0x170
> >> [ 3748.516673]  asm_exc_page_fault+0x26/0x30
> >> [ 3748.520824] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x40
> >> [ 3748.526764] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f
> >> 01 ca c3 cc cc cc cc 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3>
> >> a4 31 c0 0f 01 ca c3 cc cc cc cc 66 08
> >> [ 3748.546120] RSP: 0018:ffffaa9248fffb90 EFLAGS: 00050206
> >> [ 3748.551495] RAX: 00007f99faa1a010 RBX: ffffaa9248fffd88 RCX:
> >> 0000000000000010
> >> [ 3748.558828] RDX: 0000000000001000 RSI: ffff9db397ab8ff0 RDI:
> >> 00007f99faa1a000
> >> [ 3748.566160] RBP: ffffaa9248fffbf0 R08: ffffcc2fc2965d80 R09:
> >> 0000000000000014
> >> [ 3748.573492] R10: 0000000000000000 R11: 0000000000000014 R12:
> >> 0000000000001000
> >> [ 3748.580858] R13: 0000000000001000 R14: 0000000000000000 R15:
> >> ffffaa9248fffd98
> >> [ 3748.588196]  ? copy_page_to_iter+0x10e/0x400
> >> [ 3748.592614]  filemap_read+0x174/0x3e0
> > 
> > Interesting; it wasn't the process itself which triggered the page
> > fault; the process called read() and the kernel took the page fault to
> > satisfy the read() call.
> > 
> >> [ 3748.596354]  ? ima_file_check+0x6a/0xa0
> >> [ 3748.600301]  generic_file_read_iter+0xe5/0x150
> >> [ 3748.604884]  ext4_file_read_iter+0x5b/0x190
> >> [ 3748.609164]  ? aa_file_perm+0x102/0x250
> >> [ 3748.613125]  new_sync_read+0x10d/0x1a0
> >> [ 3748.617009]  vfs_read+0x103/0x1a0
> >> [ 3748.620423]  ksys_read+0x67/0xf0
> >> [ 3748.623743]  __x64_sys_read+0x19/0x20
> >> [ 3748.627511]  do_syscall_64+0x59/0xc0
> >> [ 3748.631203]  ? syscall_exit_to_user_mode+0x27/0x50
> >> [ 3748.636144]  ? do_syscall_64+0x69/0xc0
> >> [ 3748.639992]  ? exit_to_user_mode_prepare+0x96/0xb0
> >> [ 3748.644931]  ? irqentry_exit_to_user_mode+0x9/0x20
> >> [ 3748.649872]  ? irqentry_exit+0x1d/0x30
> >> [ 3748.653737]  ? exc_page_fault+0x89/0x170
> >> [ 3748.657795]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
> >> [ 3748.663030] RIP: 0033:0x7f9a852989cc
> >> [ 3748.666713] RSP: 002b:00007f9a8497dc90 EFLAGS: 00000246 ORIG_RAX:
> >> 0000000000000000
> >> [ 3748.674487] RAX: ffffffffffffffda RBX: 00007f9a8497f5c0 RCX:
> >> 00007f9a852989cc
> >> [ 3748.681817] RDX: 0000000000027100 RSI: 00007f99faa18010 RDI:
> >> 0000000000000061
> >> [ 3748.689150] RBP: 00007f9a8497dd60 R08: 0000000000000000 R09:
> >> 00007f99faa18010
> >> [ 3748.696493] R10: 0000000000000000 R11: 0000000000000246 R12:
> >> 00007f99faa18010
> >> [ 3748.703841] R13: 00005605e11c406f R14: 0000000000000001 R15:
> >> 0000000000027100
> > 
> > ORIG_RAX is 0, which matches sys_read.
> > RDI is file descriptor 0x61
> > RSI is plausibly a userspace pointer, 0x7f99faa18010
> > RDX is the length, 0x27100 or 160kB.
> > 
> > That all seems reasonable.
> > 
> > What I really want to know is who is _holding_ the lock.  We stash
> > a pointer to the task_struct in 'owner', so we could clearly find this
> > out in the 'blocked for too long' report, and print their stack trace.
> > 
> As described in the comment for __rwsem_set_reader_owned,it is hard to 
> track read owners.So we could not clearly find out who blocked the 
> process,it was caused by multiple tasks.

In your previous mail, you mentioned panic happened. Maybe you can try
appending "panic_print=0x1" to kernel command line , as it could print
the call stacks of all tasks on panic(the info could be huge).

Initially, we added it also to debug some deadlock (hunging task) bug. 

Thanks,
Feng
Hongchen Zhang Sept. 16, 2022, 12:57 a.m. UTC | #9 
Hi Andrew ,

On 2022/9/15 pm 5:00, Matthew Wilcox wrote:
> On Thu, Sep 15, 2022 at 04:02:41PM +0800, Hongchen Zhang wrote:
>> Hi Matthew,
>> On 2022/9/15 pm 3:28, Matthew Wilcox wrote:
>>> On Thu, Sep 15, 2022 at 09:19:48AM +0800, Hongchen Zhang wrote:
>>>> [ 3748.453561] INFO: task float_bessel:77920 blocked for more than 120
>>>> seconds.
>>>> [ 3748.460839]       Not tainted 5.15.0-46-generic #49-Ubuntu
>>>> [ 3748.466490] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables
>>>> this message.
>>>> [ 3748.474618] task:float_bessel    state:D stack:    0 pid:77920 ppid:
>>>> 77327 flags:0x00004002
>>>> [ 3748.483358] Call Trace:
>>>> [ 3748.485964]  <TASK>
>>>> [ 3748.488150]  __schedule+0x23d/0x590
>>>> [ 3748.491804]  schedule+0x4e/0xc0
>>>> [ 3748.495038]  rwsem_down_read_slowpath+0x336/0x390
>>>> [ 3748.499886]  ? copy_user_enhanced_fast_string+0xe/0x40
>>>> [ 3748.505181]  down_read+0x43/0xa0
>>>> [ 3748.508518]  do_user_addr_fault+0x41c/0x670
>>>> [ 3748.512799]  exc_page_fault+0x77/0x170
>>>> [ 3748.516673]  asm_exc_page_fault+0x26/0x30
>>>> [ 3748.520824] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x40
>>>> [ 3748.526764] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f
>>>> 01 ca c3 cc cc cc cc 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3>
>>>> a4 31 c0 0f 01 ca c3 cc cc cc cc 66 08
>>>> [ 3748.546120] RSP: 0018:ffffaa9248fffb90 EFLAGS: 00050206
>>>> [ 3748.551495] RAX: 00007f99faa1a010 RBX: ffffaa9248fffd88 RCX:
>>>> 0000000000000010
>>>> [ 3748.558828] RDX: 0000000000001000 RSI: ffff9db397ab8ff0 RDI:
>>>> 00007f99faa1a000
>>>> [ 3748.566160] RBP: ffffaa9248fffbf0 R08: ffffcc2fc2965d80 R09:
>>>> 0000000000000014
>>>> [ 3748.573492] R10: 0000000000000000 R11: 0000000000000014 R12:
>>>> 0000000000001000
>>>> [ 3748.580858] R13: 0000000000001000 R14: 0000000000000000 R15:
>>>> ffffaa9248fffd98
>>>> [ 3748.588196]  ? copy_page_to_iter+0x10e/0x400
>>>> [ 3748.592614]  filemap_read+0x174/0x3e0
>>>
>>> Interesting; it wasn't the process itself which triggered the page
>>> fault; the process called read() and the kernel took the page fault to
>>> satisfy the read() call.
>>>
>>>> [ 3748.596354]  ? ima_file_check+0x6a/0xa0
>>>> [ 3748.600301]  generic_file_read_iter+0xe5/0x150
>>>> [ 3748.604884]  ext4_file_read_iter+0x5b/0x190
>>>> [ 3748.609164]  ? aa_file_perm+0x102/0x250
>>>> [ 3748.613125]  new_sync_read+0x10d/0x1a0
>>>> [ 3748.617009]  vfs_read+0x103/0x1a0
>>>> [ 3748.620423]  ksys_read+0x67/0xf0
>>>> [ 3748.623743]  __x64_sys_read+0x19/0x20
>>>> [ 3748.627511]  do_syscall_64+0x59/0xc0
>>>> [ 3748.631203]  ? syscall_exit_to_user_mode+0x27/0x50
>>>> [ 3748.636144]  ? do_syscall_64+0x69/0xc0
>>>> [ 3748.639992]  ? exit_to_user_mode_prepare+0x96/0xb0
>>>> [ 3748.644931]  ? irqentry_exit_to_user_mode+0x9/0x20
>>>> [ 3748.649872]  ? irqentry_exit+0x1d/0x30
>>>> [ 3748.653737]  ? exc_page_fault+0x89/0x170
>>>> [ 3748.657795]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
>>>> [ 3748.663030] RIP: 0033:0x7f9a852989cc
>>>> [ 3748.666713] RSP: 002b:00007f9a8497dc90 EFLAGS: 00000246 ORIG_RAX:
>>>> 0000000000000000
>>>> [ 3748.674487] RAX: ffffffffffffffda RBX: 00007f9a8497f5c0 RCX:
>>>> 00007f9a852989cc
>>>> [ 3748.681817] RDX: 0000000000027100 RSI: 00007f99faa18010 RDI:
>>>> 0000000000000061
>>>> [ 3748.689150] RBP: 00007f9a8497dd60 R08: 0000000000000000 R09:
>>>> 00007f99faa18010
>>>> [ 3748.696493] R10: 0000000000000000 R11: 0000000000000246 R12:
>>>> 00007f99faa18010
>>>> [ 3748.703841] R13: 00005605e11c406f R14: 0000000000000001 R15:
>>>> 0000000000027100
>>>
>>> ORIG_RAX is 0, which matches sys_read.
>>> RDI is file descriptor 0x61
>>> RSI is plausibly a userspace pointer, 0x7f99faa18010
>>> RDX is the length, 0x27100 or 160kB.
>>>
>>> That all seems reasonable.
>>>
>>> What I really want to know is who is _holding_ the lock.  We stash
>>> a pointer to the task_struct in 'owner', so we could clearly find this
>>> out in the 'blocked for too long' report, and print their stack trace.
>>>
>> As described in the comment for __rwsem_set_reader_owned,it is hard to track
>> read owners.So we could not clearly find out who blocked the process,it was
>> caused by multiple tasks.
> 
> Readers don't block readers.  You have a reader here, so it's being
> blocked by a writer.  And that writer's task_struct is stashed in
> rwsem->owner.  It would be nice if we dumped that information
> automatically ... but we don't do that today.  Perhaps you could
> grab that information from a crash dump if you have one.
> 
>>> You must have done something like this already in order to deduce that
>>> it was the direct reclaim path that was the problem?
>>>
>> The method we used is to track the direct reclaim using the
>> trace_mm_vmscan_direct_reclaim_{begin,end} interface.When the problem
>> occurred,we could get a very large "nr_reclaimed" which is not a desirable
>> value for process except kswapd.
> 
> I disagree.  If a process needs to allocate memory then it should be
> paying the cost of reclaiming that memory itself.  kswapd is a last
> resort to reclaim memory when we have a workload (eg a network router)
> that does its memory allocation primarily in interrupt context.
> 
What's your opinion about this scan adjust issue? Is there a better way 
to fix this issue?

Thanks
Hongchen Zhang
Matthew Wilcox Sept. 16, 2022, 8:40 a.m. UTC | #10 
On Fri, Sep 16, 2022 at 08:57:50AM +0800, Hongchen Zhang wrote:
> Hi Andrew ,
> 
> On 2022/9/15 pm 5:00, Matthew Wilcox wrote:
> > On Thu, Sep 15, 2022 at 04:02:41PM +0800, Hongchen Zhang wrote:
> > > Hi Matthew,
> > > On 2022/9/15 pm 3:28, Matthew Wilcox wrote:
> > > > On Thu, Sep 15, 2022 at 09:19:48AM +0800, Hongchen Zhang wrote:
> > > > > [ 3748.453561] INFO: task float_bessel:77920 blocked for more than 120
> > > > > seconds.
> > > > > [ 3748.460839]       Not tainted 5.15.0-46-generic #49-Ubuntu
> > > > > [ 3748.466490] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables
> > > > > this message.
> > > > > [ 3748.474618] task:float_bessel    state:D stack:    0 pid:77920 ppid:
> > > > > 77327 flags:0x00004002
> > > > > [ 3748.483358] Call Trace:
> > > > > [ 3748.485964]  <TASK>
> > > > > [ 3748.488150]  __schedule+0x23d/0x590
> > > > > [ 3748.491804]  schedule+0x4e/0xc0
> > > > > [ 3748.495038]  rwsem_down_read_slowpath+0x336/0x390
> > > > > [ 3748.499886]  ? copy_user_enhanced_fast_string+0xe/0x40
> > > > > [ 3748.505181]  down_read+0x43/0xa0
> > > > > [ 3748.508518]  do_user_addr_fault+0x41c/0x670
> > > > > [ 3748.512799]  exc_page_fault+0x77/0x170
> > > > > [ 3748.516673]  asm_exc_page_fault+0x26/0x30
> > > > > [ 3748.520824] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x40
> > > > > [ 3748.526764] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f
> > > > > 01 ca c3 cc cc cc cc 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3>
> > > > > a4 31 c0 0f 01 ca c3 cc cc cc cc 66 08
> > > > > [ 3748.546120] RSP: 0018:ffffaa9248fffb90 EFLAGS: 00050206
> > > > > [ 3748.551495] RAX: 00007f99faa1a010 RBX: ffffaa9248fffd88 RCX:
> > > > > 0000000000000010
> > > > > [ 3748.558828] RDX: 0000000000001000 RSI: ffff9db397ab8ff0 RDI:
> > > > > 00007f99faa1a000
> > > > > [ 3748.566160] RBP: ffffaa9248fffbf0 R08: ffffcc2fc2965d80 R09:
> > > > > 0000000000000014
> > > > > [ 3748.573492] R10: 0000000000000000 R11: 0000000000000014 R12:
> > > > > 0000000000001000
> > > > > [ 3748.580858] R13: 0000000000001000 R14: 0000000000000000 R15:
> > > > > ffffaa9248fffd98
> > > > > [ 3748.588196]  ? copy_page_to_iter+0x10e/0x400
> > > > > [ 3748.592614]  filemap_read+0x174/0x3e0
> > > > 
> > > > Interesting; it wasn't the process itself which triggered the page
> > > > fault; the process called read() and the kernel took the page fault to
> > > > satisfy the read() call.
> > > > 
> > > > > [ 3748.596354]  ? ima_file_check+0x6a/0xa0
> > > > > [ 3748.600301]  generic_file_read_iter+0xe5/0x150
> > > > > [ 3748.604884]  ext4_file_read_iter+0x5b/0x190
> > > > > [ 3748.609164]  ? aa_file_perm+0x102/0x250
> > > > > [ 3748.613125]  new_sync_read+0x10d/0x1a0
> > > > > [ 3748.617009]  vfs_read+0x103/0x1a0
> > > > > [ 3748.620423]  ksys_read+0x67/0xf0
> > > > > [ 3748.623743]  __x64_sys_read+0x19/0x20
> > > > > [ 3748.627511]  do_syscall_64+0x59/0xc0
> > > > > [ 3748.631203]  ? syscall_exit_to_user_mode+0x27/0x50
> > > > > [ 3748.636144]  ? do_syscall_64+0x69/0xc0
> > > > > [ 3748.639992]  ? exit_to_user_mode_prepare+0x96/0xb0
> > > > > [ 3748.644931]  ? irqentry_exit_to_user_mode+0x9/0x20
> > > > > [ 3748.649872]  ? irqentry_exit+0x1d/0x30
> > > > > [ 3748.653737]  ? exc_page_fault+0x89/0x170
> > > > > [ 3748.657795]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
> > > > > [ 3748.663030] RIP: 0033:0x7f9a852989cc
> > > > > [ 3748.666713] RSP: 002b:00007f9a8497dc90 EFLAGS: 00000246 ORIG_RAX:
> > > > > 0000000000000000
> > > > > [ 3748.674487] RAX: ffffffffffffffda RBX: 00007f9a8497f5c0 RCX:
> > > > > 00007f9a852989cc
> > > > > [ 3748.681817] RDX: 0000000000027100 RSI: 00007f99faa18010 RDI:
> > > > > 0000000000000061
> > > > > [ 3748.689150] RBP: 00007f9a8497dd60 R08: 0000000000000000 R09:
> > > > > 00007f99faa18010
> > > > > [ 3748.696493] R10: 0000000000000000 R11: 0000000000000246 R12:
> > > > > 00007f99faa18010
> > > > > [ 3748.703841] R13: 00005605e11c406f R14: 0000000000000001 R15:
> > > > > 0000000000027100
> > > > 
> > > > ORIG_RAX is 0, which matches sys_read.
> > > > RDI is file descriptor 0x61
> > > > RSI is plausibly a userspace pointer, 0x7f99faa18010
> > > > RDX is the length, 0x27100 or 160kB.
> > > > 
> > > > That all seems reasonable.
> > > > 
> > > > What I really want to know is who is _holding_ the lock.  We stash
> > > > a pointer to the task_struct in 'owner', so we could clearly find this
> > > > out in the 'blocked for too long' report, and print their stack trace.
> > > > 
> > > As described in the comment for __rwsem_set_reader_owned,it is hard to track
> > > read owners.So we could not clearly find out who blocked the process,it was
> > > caused by multiple tasks.
> > 
> > Readers don't block readers.  You have a reader here, so it's being
> > blocked by a writer.  And that writer's task_struct is stashed in
> > rwsem->owner.  It would be nice if we dumped that information
> > automatically ... but we don't do that today.  Perhaps you could
> > grab that information from a crash dump if you have one.
> > 
> > > > You must have done something like this already in order to deduce that
> > > > it was the direct reclaim path that was the problem?
> > > > 
> > > The method we used is to track the direct reclaim using the
> > > trace_mm_vmscan_direct_reclaim_{begin,end} interface.When the problem
> > > occurred,we could get a very large "nr_reclaimed" which is not a desirable
> > > value for process except kswapd.
> > 
> > I disagree.  If a process needs to allocate memory then it should be
> > paying the cost of reclaiming that memory itself.  kswapd is a last
> > resort to reclaim memory when we have a workload (eg a network router)
> > that does its memory allocation primarily in interrupt context.
> > 
> What's your opinion about this scan adjust issue? Is there a better way to
> fix this issue?

Yes, but we need you to gather more information about what's causing
the issue before we can suggest what that is.
Hongchen Zhang Sept. 16, 2022, 10:19 a.m. UTC | #11 
Hi Andrew and Matthew,

On 2022/9/16 pm 4:40, Matthew Wilcox wrote:
> On Fri, Sep 16, 2022 at 08:57:50AM +0800, Hongchen Zhang wrote:
>> Hi Andrew ,
>>
>> On 2022/9/15 pm 5:00, Matthew Wilcox wrote:
>>> On Thu, Sep 15, 2022 at 04:02:41PM +0800, Hongchen Zhang wrote:
>>>> Hi Matthew,
>>>> On 2022/9/15 pm 3:28, Matthew Wilcox wrote:
>>>>> On Thu, Sep 15, 2022 at 09:19:48AM +0800, Hongchen Zhang wrote:
>>>>>> [ 3748.453561] INFO: task float_bessel:77920 blocked for more than 120
>>>>>> seconds.
>>>>>> [ 3748.460839]       Not tainted 5.15.0-46-generic #49-Ubuntu
>>>>>> [ 3748.466490] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables
>>>>>> this message.
>>>>>> [ 3748.474618] task:float_bessel    state:D stack:    0 pid:77920 ppid:
>>>>>> 77327 flags:0x00004002
>>>>>> [ 3748.483358] Call Trace:
>>>>>> [ 3748.485964]  <TASK>
>>>>>> [ 3748.488150]  __schedule+0x23d/0x590
>>>>>> [ 3748.491804]  schedule+0x4e/0xc0
>>>>>> [ 3748.495038]  rwsem_down_read_slowpath+0x336/0x390
>>>>>> [ 3748.499886]  ? copy_user_enhanced_fast_string+0xe/0x40
>>>>>> [ 3748.505181]  down_read+0x43/0xa0
>>>>>> [ 3748.508518]  do_user_addr_fault+0x41c/0x670
>>>>>> [ 3748.512799]  exc_page_fault+0x77/0x170
>>>>>> [ 3748.516673]  asm_exc_page_fault+0x26/0x30
>>>>>> [ 3748.520824] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x40
>>>>>> [ 3748.526764] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f
>>>>>> 01 ca c3 cc cc cc cc 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3>
>>>>>> a4 31 c0 0f 01 ca c3 cc cc cc cc 66 08
>>>>>> [ 3748.546120] RSP: 0018:ffffaa9248fffb90 EFLAGS: 00050206
>>>>>> [ 3748.551495] RAX: 00007f99faa1a010 RBX: ffffaa9248fffd88 RCX:
>>>>>> 0000000000000010
>>>>>> [ 3748.558828] RDX: 0000000000001000 RSI: ffff9db397ab8ff0 RDI:
>>>>>> 00007f99faa1a000
>>>>>> [ 3748.566160] RBP: ffffaa9248fffbf0 R08: ffffcc2fc2965d80 R09:
>>>>>> 0000000000000014
>>>>>> [ 3748.573492] R10: 0000000000000000 R11: 0000000000000014 R12:
>>>>>> 0000000000001000
>>>>>> [ 3748.580858] R13: 0000000000001000 R14: 0000000000000000 R15:
>>>>>> ffffaa9248fffd98
>>>>>> [ 3748.588196]  ? copy_page_to_iter+0x10e/0x400
>>>>>> [ 3748.592614]  filemap_read+0x174/0x3e0
>>>>>
>>>>> Interesting; it wasn't the process itself which triggered the page
>>>>> fault; the process called read() and the kernel took the page fault to
>>>>> satisfy the read() call.
>>>>>
>>>>>> [ 3748.596354]  ? ima_file_check+0x6a/0xa0
>>>>>> [ 3748.600301]  generic_file_read_iter+0xe5/0x150
>>>>>> [ 3748.604884]  ext4_file_read_iter+0x5b/0x190
>>>>>> [ 3748.609164]  ? aa_file_perm+0x102/0x250
>>>>>> [ 3748.613125]  new_sync_read+0x10d/0x1a0
>>>>>> [ 3748.617009]  vfs_read+0x103/0x1a0
>>>>>> [ 3748.620423]  ksys_read+0x67/0xf0
>>>>>> [ 3748.623743]  __x64_sys_read+0x19/0x20
>>>>>> [ 3748.627511]  do_syscall_64+0x59/0xc0
>>>>>> [ 3748.631203]  ? syscall_exit_to_user_mode+0x27/0x50
>>>>>> [ 3748.636144]  ? do_syscall_64+0x69/0xc0
>>>>>> [ 3748.639992]  ? exit_to_user_mode_prepare+0x96/0xb0
>>>>>> [ 3748.644931]  ? irqentry_exit_to_user_mode+0x9/0x20
>>>>>> [ 3748.649872]  ? irqentry_exit+0x1d/0x30
>>>>>> [ 3748.653737]  ? exc_page_fault+0x89/0x170
>>>>>> [ 3748.657795]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
>>>>>> [ 3748.663030] RIP: 0033:0x7f9a852989cc
>>>>>> [ 3748.666713] RSP: 002b:00007f9a8497dc90 EFLAGS: 00000246 ORIG_RAX:
>>>>>> 0000000000000000
>>>>>> [ 3748.674487] RAX: ffffffffffffffda RBX: 00007f9a8497f5c0 RCX:
>>>>>> 00007f9a852989cc
>>>>>> [ 3748.681817] RDX: 0000000000027100 RSI: 00007f99faa18010 RDI:
>>>>>> 0000000000000061
>>>>>> [ 3748.689150] RBP: 00007f9a8497dd60 R08: 0000000000000000 R09:
>>>>>> 00007f99faa18010
>>>>>> [ 3748.696493] R10: 0000000000000000 R11: 0000000000000246 R12:
>>>>>> 00007f99faa18010
>>>>>> [ 3748.703841] R13: 00005605e11c406f R14: 0000000000000001 R15:
>>>>>> 0000000000027100
>>>>>
>>>>> ORIG_RAX is 0, which matches sys_read.
>>>>> RDI is file descriptor 0x61
>>>>> RSI is plausibly a userspace pointer, 0x7f99faa18010
>>>>> RDX is the length, 0x27100 or 160kB.
>>>>>
>>>>> That all seems reasonable.
>>>>>
>>>>> What I really want to know is who is _holding_ the lock.  We stash
>>>>> a pointer to the task_struct in 'owner', so we could clearly find this
>>>>> out in the 'blocked for too long' report, and print their stack trace.
>>>>>
>>>> As described in the comment for __rwsem_set_reader_owned,it is hard to track
>>>> read owners.So we could not clearly find out who blocked the process,it was
>>>> caused by multiple tasks.
>>>
>>> Readers don't block readers.  You have a reader here, so it's being
>>> blocked by a writer.  And that writer's task_struct is stashed in
>>> rwsem->owner.  It would be nice if we dumped that information
>>> automatically ... but we don't do that today.  Perhaps you could
>>> grab that information from a crash dump if you have one.
>>>
>>>>> You must have done something like this already in order to deduce that
>>>>> it was the direct reclaim path that was the problem?
>>>>>
>>>> The method we used is to track the direct reclaim using the
>>>> trace_mm_vmscan_direct_reclaim_{begin,end} interface.When the problem
>>>> occurred,we could get a very large "nr_reclaimed" which is not a desirable
>>>> value for process except kswapd.
>>>
>>> I disagree.  If a process needs to allocate memory then it should be
>>> paying the cost of reclaiming that memory itself.  kswapd is a last
>>> resort to reclaim memory when we have a workload (eg a network router)
>>> that does its memory allocation primarily in interrupt context.
>>>
>> What's your opinion about this scan adjust issue? Is there a better way to
>> fix this issue?
> 
> Yes, but we need you to gather more information about what's causing
> the issue before we can suggest what that is.
> 
I think the following scenery triggers the scan adjust issue:
In function shrink_lruvec, we call get_scan_count and get the following 
values:
targets[LRU_INACTIVE_ANON]=50000
targets[LRU_ACTIVE_ANON]=50000
targets[LRU_INACTIVE_FILE]=128
targets[LRU_ACTIVE_FILE]=129

After the first scan, we get more than nr_to_reclaim pages, but the 
percentage of scanning nr[LRU_INACTIVE_FILE+LRU_ACTIVE_FILE] is 256/257, 

Then when we scan adjust, we must scan(possibly reclaim) 
256*(50000+50000)/257-256=99354 pages, which is too large and would 
waste too many time.
If it is not kswapd, it is unacceptable to reclaim so many pages.
So we should limit the number of pages of scan adjust.

Thanks
Hongchen Zhang
Yosry Ahmed Sept. 19, 2022, 11:32 p.m. UTC | #12 
On Fri, Sep 16, 2022 at 3:20 AM Hongchen Zhang
<zhanghongchen@loongson.cn> wrote:
>
> Hi Andrew and Matthew,
>
> On 2022/9/16 pm 4:40, Matthew Wilcox wrote:
> > On Fri, Sep 16, 2022 at 08:57:50AM +0800, Hongchen Zhang wrote:
> >> Hi Andrew ,
> >>
> >> On 2022/9/15 pm 5:00, Matthew Wilcox wrote:
> >>> On Thu, Sep 15, 2022 at 04:02:41PM +0800, Hongchen Zhang wrote:
> >>>> Hi Matthew,
> >>>> On 2022/9/15 pm 3:28, Matthew Wilcox wrote:
> >>>>> On Thu, Sep 15, 2022 at 09:19:48AM +0800, Hongchen Zhang wrote:
> >>>>>> [ 3748.453561] INFO: task float_bessel:77920 blocked for more than 120
> >>>>>> seconds.
> >>>>>> [ 3748.460839]       Not tainted 5.15.0-46-generic #49-Ubuntu
> >>>>>> [ 3748.466490] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables
> >>>>>> this message.
> >>>>>> [ 3748.474618] task:float_bessel    state:D stack:    0 pid:77920 ppid:
> >>>>>> 77327 flags:0x00004002
> >>>>>> [ 3748.483358] Call Trace:
> >>>>>> [ 3748.485964]  <TASK>
> >>>>>> [ 3748.488150]  __schedule+0x23d/0x590
> >>>>>> [ 3748.491804]  schedule+0x4e/0xc0
> >>>>>> [ 3748.495038]  rwsem_down_read_slowpath+0x336/0x390
> >>>>>> [ 3748.499886]  ? copy_user_enhanced_fast_string+0xe/0x40
> >>>>>> [ 3748.505181]  down_read+0x43/0xa0
> >>>>>> [ 3748.508518]  do_user_addr_fault+0x41c/0x670
> >>>>>> [ 3748.512799]  exc_page_fault+0x77/0x170
> >>>>>> [ 3748.516673]  asm_exc_page_fault+0x26/0x30
> >>>>>> [ 3748.520824] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x40
> >>>>>> [ 3748.526764] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f
> >>>>>> 01 ca c3 cc cc cc cc 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3>
> >>>>>> a4 31 c0 0f 01 ca c3 cc cc cc cc 66 08
> >>>>>> [ 3748.546120] RSP: 0018:ffffaa9248fffb90 EFLAGS: 00050206
> >>>>>> [ 3748.551495] RAX: 00007f99faa1a010 RBX: ffffaa9248fffd88 RCX:
> >>>>>> 0000000000000010
> >>>>>> [ 3748.558828] RDX: 0000000000001000 RSI: ffff9db397ab8ff0 RDI:
> >>>>>> 00007f99faa1a000
> >>>>>> [ 3748.566160] RBP: ffffaa9248fffbf0 R08: ffffcc2fc2965d80 R09:
> >>>>>> 0000000000000014
> >>>>>> [ 3748.573492] R10: 0000000000000000 R11: 0000000000000014 R12:
> >>>>>> 0000000000001000
> >>>>>> [ 3748.580858] R13: 0000000000001000 R14: 0000000000000000 R15:
> >>>>>> ffffaa9248fffd98
> >>>>>> [ 3748.588196]  ? copy_page_to_iter+0x10e/0x400
> >>>>>> [ 3748.592614]  filemap_read+0x174/0x3e0
> >>>>>
> >>>>> Interesting; it wasn't the process itself which triggered the page
> >>>>> fault; the process called read() and the kernel took the page fault to
> >>>>> satisfy the read() call.
> >>>>>
> >>>>>> [ 3748.596354]  ? ima_file_check+0x6a/0xa0
> >>>>>> [ 3748.600301]  generic_file_read_iter+0xe5/0x150
> >>>>>> [ 3748.604884]  ext4_file_read_iter+0x5b/0x190
> >>>>>> [ 3748.609164]  ? aa_file_perm+0x102/0x250
> >>>>>> [ 3748.613125]  new_sync_read+0x10d/0x1a0
> >>>>>> [ 3748.617009]  vfs_read+0x103/0x1a0
> >>>>>> [ 3748.620423]  ksys_read+0x67/0xf0
> >>>>>> [ 3748.623743]  __x64_sys_read+0x19/0x20
> >>>>>> [ 3748.627511]  do_syscall_64+0x59/0xc0
> >>>>>> [ 3748.631203]  ? syscall_exit_to_user_mode+0x27/0x50
> >>>>>> [ 3748.636144]  ? do_syscall_64+0x69/0xc0
> >>>>>> [ 3748.639992]  ? exit_to_user_mode_prepare+0x96/0xb0
> >>>>>> [ 3748.644931]  ? irqentry_exit_to_user_mode+0x9/0x20
> >>>>>> [ 3748.649872]  ? irqentry_exit+0x1d/0x30
> >>>>>> [ 3748.653737]  ? exc_page_fault+0x89/0x170
> >>>>>> [ 3748.657795]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
> >>>>>> [ 3748.663030] RIP: 0033:0x7f9a852989cc
> >>>>>> [ 3748.666713] RSP: 002b:00007f9a8497dc90 EFLAGS: 00000246 ORIG_RAX:
> >>>>>> 0000000000000000
> >>>>>> [ 3748.674487] RAX: ffffffffffffffda RBX: 00007f9a8497f5c0 RCX:
> >>>>>> 00007f9a852989cc
> >>>>>> [ 3748.681817] RDX: 0000000000027100 RSI: 00007f99faa18010 RDI:
> >>>>>> 0000000000000061
> >>>>>> [ 3748.689150] RBP: 00007f9a8497dd60 R08: 0000000000000000 R09:
> >>>>>> 00007f99faa18010
> >>>>>> [ 3748.696493] R10: 0000000000000000 R11: 0000000000000246 R12:
> >>>>>> 00007f99faa18010
> >>>>>> [ 3748.703841] R13: 00005605e11c406f R14: 0000000000000001 R15:
> >>>>>> 0000000000027100
> >>>>>
> >>>>> ORIG_RAX is 0, which matches sys_read.
> >>>>> RDI is file descriptor 0x61
> >>>>> RSI is plausibly a userspace pointer, 0x7f99faa18010
> >>>>> RDX is the length, 0x27100 or 160kB.
> >>>>>
> >>>>> That all seems reasonable.
> >>>>>
> >>>>> What I really want to know is who is _holding_ the lock.  We stash
> >>>>> a pointer to the task_struct in 'owner', so we could clearly find this
> >>>>> out in the 'blocked for too long' report, and print their stack trace.
> >>>>>
> >>>> As described in the comment for __rwsem_set_reader_owned,it is hard to track
> >>>> read owners.So we could not clearly find out who blocked the process,it was
> >>>> caused by multiple tasks.
> >>>
> >>> Readers don't block readers.  You have a reader here, so it's being
> >>> blocked by a writer.  And that writer's task_struct is stashed in
> >>> rwsem->owner.  It would be nice if we dumped that information
> >>> automatically ... but we don't do that today.  Perhaps you could
> >>> grab that information from a crash dump if you have one.
> >>>
> >>>>> You must have done something like this already in order to deduce that
> >>>>> it was the direct reclaim path that was the problem?
> >>>>>
> >>>> The method we used is to track the direct reclaim using the
> >>>> trace_mm_vmscan_direct_reclaim_{begin,end} interface.When the problem
> >>>> occurred,we could get a very large "nr_reclaimed" which is not a desirable
> >>>> value for process except kswapd.
> >>>
> >>> I disagree.  If a process needs to allocate memory then it should be
> >>> paying the cost of reclaiming that memory itself.  kswapd is a last
> >>> resort to reclaim memory when we have a workload (eg a network router)
> >>> that does its memory allocation primarily in interrupt context.
> >>>
> >> What's your opinion about this scan adjust issue? Is there a better way to
> >> fix this issue?
> >
> > Yes, but we need you to gather more information about what's causing
> > the issue before we can suggest what that is.
> >
> I think the following scenery triggers the scan adjust issue:
> In function shrink_lruvec, we call get_scan_count and get the following
> values:
> targets[LRU_INACTIVE_ANON]=50000
> targets[LRU_ACTIVE_ANON]=50000
> targets[LRU_INACTIVE_FILE]=128
> targets[LRU_ACTIVE_FILE]=129
>
> After the first scan, we get more than nr_to_reclaim pages, but the
> percentage of scanning nr[LRU_INACTIVE_FILE+LRU_ACTIVE_FILE] is 256/257,
>
> Then when we scan adjust, we must scan(possibly reclaim)
> 256*(50000+50000)/257-256=99354 pages, which is too large and would
> waste too many time.
> If it is not kswapd, it is unacceptable to reclaim so many pages.
> So we should limit the number of pages of scan adjust.

IIUC commit 6eb90d649537 ("mm: vmscan: fix extreme overreclaim and
swap floods") that was recently sent by Johannes [1] addresses a
similar issue (reclaiming way beyond nr_to_reclaim when anon vs file
LRU sizes are very different), but in a slightly different scenario.
IIUC with Johannes's patch, scan adjustment is already limited for
scenarios where scan_adjust (aka proportional_reclaim) is not
initialized to true, which would be all cases except global direct
reclaim on DEF_PRIORITY. Is my understanding here correct?

[1] https://lore.kernel.org/lkml/20220802162811.39216-1-hannes@cmpxchg.org/
>
> Thanks
> Hongchen Zhang
>
>
Hongchen Zhang Sept. 20, 2022, 2:23 a.m. UTC | #13 
Hi Mel,

The scan adjust algorithm was originally introduced by you from
commmit e82e0561dae9 ("mm: vmscan: obey proportional scanning 
requirements for kswapd"), any suggestion about this fix patch?
In short, proportional scanning is not friendly to processes other than 
kswapd.

Thanks
Hongchen Zhang

On 2022/9/16 pm 6:19, Hongchen Zhang wrote:
> Hi Andrew and Matthew,
> 
> On 2022/9/16 pm 4:40, Matthew Wilcox wrote:
>> On Fri, Sep 16, 2022 at 08:57:50AM +0800, Hongchen Zhang wrote:
>>> Hi Andrew ,
>>>
>>> On 2022/9/15 pm 5:00, Matthew Wilcox wrote:
>>>> On Thu, Sep 15, 2022 at 04:02:41PM +0800, Hongchen Zhang wrote:
>>>>> Hi Matthew,
>>>>> On 2022/9/15 pm 3:28, Matthew Wilcox wrote:
>>>>>> On Thu, Sep 15, 2022 at 09:19:48AM +0800, Hongchen Zhang wrote:
>>>>>>> [ 3748.453561] INFO: task float_bessel:77920 blocked for more 
>>>>>>> than 120
>>>>>>> seconds.
>>>>>>> [ 3748.460839]       Not tainted 5.15.0-46-generic #49-Ubuntu
>>>>>>> [ 3748.466490] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" 
>>>>>>> disables
>>>>>>> this message.
>>>>>>> [ 3748.474618] task:float_bessel    state:D stack:    0 pid:77920 
>>>>>>> ppid:
>>>>>>> 77327 flags:0x00004002
>>>>>>> [ 3748.483358] Call Trace:
>>>>>>> [ 3748.485964]  <TASK>
>>>>>>> [ 3748.488150]  __schedule+0x23d/0x590
>>>>>>> [ 3748.491804]  schedule+0x4e/0xc0
>>>>>>> [ 3748.495038]  rwsem_down_read_slowpath+0x336/0x390
>>>>>>> [ 3748.499886]  ? copy_user_enhanced_fast_string+0xe/0x40
>>>>>>> [ 3748.505181]  down_read+0x43/0xa0
>>>>>>> [ 3748.508518]  do_user_addr_fault+0x41c/0x670
>>>>>>> [ 3748.512799]  exc_page_fault+0x77/0x170
>>>>>>> [ 3748.516673]  asm_exc_page_fault+0x26/0x30
>>>>>>> [ 3748.520824] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x40
>>>>>>> [ 3748.526764] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 
>>>>>>> 31 c0 0f
>>>>>>> 01 ca c3 cc cc cc cc 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 
>>>>>>> 89 d1 <f3>
>>>>>>> a4 31 c0 0f 01 ca c3 cc cc cc cc 66 08
>>>>>>> [ 3748.546120] RSP: 0018:ffffaa9248fffb90 EFLAGS: 00050206
>>>>>>> [ 3748.551495] RAX: 00007f99faa1a010 RBX: ffffaa9248fffd88 RCX:
>>>>>>> 0000000000000010
>>>>>>> [ 3748.558828] RDX: 0000000000001000 RSI: ffff9db397ab8ff0 RDI:
>>>>>>> 00007f99faa1a000
>>>>>>> [ 3748.566160] RBP: ffffaa9248fffbf0 R08: ffffcc2fc2965d80 R09:
>>>>>>> 0000000000000014
>>>>>>> [ 3748.573492] R10: 0000000000000000 R11: 0000000000000014 R12:
>>>>>>> 0000000000001000
>>>>>>> [ 3748.580858] R13: 0000000000001000 R14: 0000000000000000 R15:
>>>>>>> ffffaa9248fffd98
>>>>>>> [ 3748.588196]  ? copy_page_to_iter+0x10e/0x400
>>>>>>> [ 3748.592614]  filemap_read+0x174/0x3e0
>>>>>>
>>>>>> Interesting; it wasn't the process itself which triggered the page
>>>>>> fault; the process called read() and the kernel took the page 
>>>>>> fault to
>>>>>> satisfy the read() call.
>>>>>>
>>>>>>> [ 3748.596354]  ? ima_file_check+0x6a/0xa0
>>>>>>> [ 3748.600301]  generic_file_read_iter+0xe5/0x150
>>>>>>> [ 3748.604884]  ext4_file_read_iter+0x5b/0x190
>>>>>>> [ 3748.609164]  ? aa_file_perm+0x102/0x250
>>>>>>> [ 3748.613125]  new_sync_read+0x10d/0x1a0
>>>>>>> [ 3748.617009]  vfs_read+0x103/0x1a0
>>>>>>> [ 3748.620423]  ksys_read+0x67/0xf0
>>>>>>> [ 3748.623743]  __x64_sys_read+0x19/0x20
>>>>>>> [ 3748.627511]  do_syscall_64+0x59/0xc0
>>>>>>> [ 3748.631203]  ? syscall_exit_to_user_mode+0x27/0x50
>>>>>>> [ 3748.636144]  ? do_syscall_64+0x69/0xc0
>>>>>>> [ 3748.639992]  ? exit_to_user_mode_prepare+0x96/0xb0
>>>>>>> [ 3748.644931]  ? irqentry_exit_to_user_mode+0x9/0x20
>>>>>>> [ 3748.649872]  ? irqentry_exit+0x1d/0x30
>>>>>>> [ 3748.653737]  ? exc_page_fault+0x89/0x170
>>>>>>> [ 3748.657795]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
>>>>>>> [ 3748.663030] RIP: 0033:0x7f9a852989cc
>>>>>>> [ 3748.666713] RSP: 002b:00007f9a8497dc90 EFLAGS: 00000246 ORIG_RAX:
>>>>>>> 0000000000000000
>>>>>>> [ 3748.674487] RAX: ffffffffffffffda RBX: 00007f9a8497f5c0 RCX:
>>>>>>> 00007f9a852989cc
>>>>>>> [ 3748.681817] RDX: 0000000000027100 RSI: 00007f99faa18010 RDI:
>>>>>>> 0000000000000061
>>>>>>> [ 3748.689150] RBP: 00007f9a8497dd60 R08: 0000000000000000 R09:
>>>>>>> 00007f99faa18010
>>>>>>> [ 3748.696493] R10: 0000000000000000 R11: 0000000000000246 R12:
>>>>>>> 00007f99faa18010
>>>>>>> [ 3748.703841] R13: 00005605e11c406f R14: 0000000000000001 R15:
>>>>>>> 0000000000027100
>>>>>>
>>>>>> ORIG_RAX is 0, which matches sys_read.
>>>>>> RDI is file descriptor 0x61
>>>>>> RSI is plausibly a userspace pointer, 0x7f99faa18010
>>>>>> RDX is the length, 0x27100 or 160kB.
>>>>>>
>>>>>> That all seems reasonable.
>>>>>>
>>>>>> What I really want to know is who is _holding_ the lock.  We stash
>>>>>> a pointer to the task_struct in 'owner', so we could clearly find 
>>>>>> this
>>>>>> out in the 'blocked for too long' report, and print their stack 
>>>>>> trace.
>>>>>>
>>>>> As described in the comment for __rwsem_set_reader_owned,it is hard 
>>>>> to track
>>>>> read owners.So we could not clearly find out who blocked the 
>>>>> process,it was
>>>>> caused by multiple tasks.
>>>>
>>>> Readers don't block readers.  You have a reader here, so it's being
>>>> blocked by a writer.  And that writer's task_struct is stashed in
>>>> rwsem->owner.  It would be nice if we dumped that information
>>>> automatically ... but we don't do that today.  Perhaps you could
>>>> grab that information from a crash dump if you have one.
>>>>
>>>>>> You must have done something like this already in order to deduce 
>>>>>> that
>>>>>> it was the direct reclaim path that was the problem?
>>>>>>
>>>>> The method we used is to track the direct reclaim using the
>>>>> trace_mm_vmscan_direct_reclaim_{begin,end} interface.When the problem
>>>>> occurred,we could get a very large "nr_reclaimed" which is not a 
>>>>> desirable
>>>>> value for process except kswapd.
>>>>
>>>> I disagree.  If a process needs to allocate memory then it should be
>>>> paying the cost of reclaiming that memory itself.  kswapd is a last
>>>> resort to reclaim memory when we have a workload (eg a network router)
>>>> that does its memory allocation primarily in interrupt context.
>>>>
>>> What's your opinion about this scan adjust issue? Is there a better 
>>> way to
>>> fix this issue?
>>
>> Yes, but we need you to gather more information about what's causing
>> the issue before we can suggest what that is.
>>
> I think the following scenery triggers the scan adjust issue:
> In function shrink_lruvec, we call get_scan_count and get the following 
> values:
> targets[LRU_INACTIVE_ANON]=50000
> targets[LRU_ACTIVE_ANON]=50000
> targets[LRU_INACTIVE_FILE]=128
> targets[LRU_ACTIVE_FILE]=129
> 
> After the first scan, we get more than nr_to_reclaim pages, but the 
> percentage of scanning nr[LRU_INACTIVE_FILE+LRU_ACTIVE_FILE] is 256/257,
> Then when we scan adjust, we must scan(possibly reclaim) 
> 256*(50000+50000)/257-256=99354 pages, which is too large and would 
> waste too many time.
> If it is not kswapd, it is unacceptable to reclaim so many pages.
> So we should limit the number of pages of scan adjust.
> 
> Thanks
> Hongchen Zhang
Hongchen Zhang Sept. 20, 2022, 5:53 a.m. UTC | #14 
Hi Yosry,

Sorry for not replying in time, there was a problem with my email.

On 2022/9/20 am 7:32, Yosry Ahmed wrote:
> On Fri, Sep 16, 2022 at 3:20 AM Hongchen Zhang
> <zhanghongchen@loongson.cn> wrote:
>>
>> Hi Andrew and Matthew,
>>
>> On 2022/9/16 pm 4:40, Matthew Wilcox wrote:
>>> On Fri, Sep 16, 2022 at 08:57:50AM +0800, Hongchen Zhang wrote:
>>>> Hi Andrew ,
>>>>
>>>> On 2022/9/15 pm 5:00, Matthew Wilcox wrote:
>>>>> On Thu, Sep 15, 2022 at 04:02:41PM +0800, Hongchen Zhang wrote:
>>>>>> Hi Matthew,
>>>>>> On 2022/9/15 pm 3:28, Matthew Wilcox wrote:
>>>>>>> On Thu, Sep 15, 2022 at 09:19:48AM +0800, Hongchen Zhang wrote:
>>>>>>>> [ 3748.453561] INFO: task float_bessel:77920 blocked for more than 120
>>>>>>>> seconds.
>>>>>>>> [ 3748.460839]       Not tainted 5.15.0-46-generic #49-Ubuntu
>>>>>>>> [ 3748.466490] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables
>>>>>>>> this message.
>>>>>>>> [ 3748.474618] task:float_bessel    state:D stack:    0 pid:77920 ppid:
>>>>>>>> 77327 flags:0x00004002
>>>>>>>> [ 3748.483358] Call Trace:
>>>>>>>> [ 3748.485964]  <TASK>
>>>>>>>> [ 3748.488150]  __schedule+0x23d/0x590
>>>>>>>> [ 3748.491804]  schedule+0x4e/0xc0
>>>>>>>> [ 3748.495038]  rwsem_down_read_slowpath+0x336/0x390
>>>>>>>> [ 3748.499886]  ? copy_user_enhanced_fast_string+0xe/0x40
>>>>>>>> [ 3748.505181]  down_read+0x43/0xa0
>>>>>>>> [ 3748.508518]  do_user_addr_fault+0x41c/0x670
>>>>>>>> [ 3748.512799]  exc_page_fault+0x77/0x170
>>>>>>>> [ 3748.516673]  asm_exc_page_fault+0x26/0x30
>>>>>>>> [ 3748.520824] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x40
>>>>>>>> [ 3748.526764] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f
>>>>>>>> 01 ca c3 cc cc cc cc 0f 1f 00 0f 01 cb 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3>
>>>>>>>> a4 31 c0 0f 01 ca c3 cc cc cc cc 66 08
>>>>>>>> [ 3748.546120] RSP: 0018:ffffaa9248fffb90 EFLAGS: 00050206
>>>>>>>> [ 3748.551495] RAX: 00007f99faa1a010 RBX: ffffaa9248fffd88 RCX:
>>>>>>>> 0000000000000010
>>>>>>>> [ 3748.558828] RDX: 0000000000001000 RSI: ffff9db397ab8ff0 RDI:
>>>>>>>> 00007f99faa1a000
>>>>>>>> [ 3748.566160] RBP: ffffaa9248fffbf0 R08: ffffcc2fc2965d80 R09:
>>>>>>>> 0000000000000014
>>>>>>>> [ 3748.573492] R10: 0000000000000000 R11: 0000000000000014 R12:
>>>>>>>> 0000000000001000
>>>>>>>> [ 3748.580858] R13: 0000000000001000 R14: 0000000000000000 R15:
>>>>>>>> ffffaa9248fffd98
>>>>>>>> [ 3748.588196]  ? copy_page_to_iter+0x10e/0x400
>>>>>>>> [ 3748.592614]  filemap_read+0x174/0x3e0
>>>>>>>
>>>>>>> Interesting; it wasn't the process itself which triggered the page
>>>>>>> fault; the process called read() and the kernel took the page fault to
>>>>>>> satisfy the read() call.
>>>>>>>
>>>>>>>> [ 3748.596354]  ? ima_file_check+0x6a/0xa0
>>>>>>>> [ 3748.600301]  generic_file_read_iter+0xe5/0x150
>>>>>>>> [ 3748.604884]  ext4_file_read_iter+0x5b/0x190
>>>>>>>> [ 3748.609164]  ? aa_file_perm+0x102/0x250
>>>>>>>> [ 3748.613125]  new_sync_read+0x10d/0x1a0
>>>>>>>> [ 3748.617009]  vfs_read+0x103/0x1a0
>>>>>>>> [ 3748.620423]  ksys_read+0x67/0xf0
>>>>>>>> [ 3748.623743]  __x64_sys_read+0x19/0x20
>>>>>>>> [ 3748.627511]  do_syscall_64+0x59/0xc0
>>>>>>>> [ 3748.631203]  ? syscall_exit_to_user_mode+0x27/0x50
>>>>>>>> [ 3748.636144]  ? do_syscall_64+0x69/0xc0
>>>>>>>> [ 3748.639992]  ? exit_to_user_mode_prepare+0x96/0xb0
>>>>>>>> [ 3748.644931]  ? irqentry_exit_to_user_mode+0x9/0x20
>>>>>>>> [ 3748.649872]  ? irqentry_exit+0x1d/0x30
>>>>>>>> [ 3748.653737]  ? exc_page_fault+0x89/0x170
>>>>>>>> [ 3748.657795]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
>>>>>>>> [ 3748.663030] RIP: 0033:0x7f9a852989cc
>>>>>>>> [ 3748.666713] RSP: 002b:00007f9a8497dc90 EFLAGS: 00000246 ORIG_RAX:
>>>>>>>> 0000000000000000
>>>>>>>> [ 3748.674487] RAX: ffffffffffffffda RBX: 00007f9a8497f5c0 RCX:
>>>>>>>> 00007f9a852989cc
>>>>>>>> [ 3748.681817] RDX: 0000000000027100 RSI: 00007f99faa18010 RDI:
>>>>>>>> 0000000000000061
>>>>>>>> [ 3748.689150] RBP: 00007f9a8497dd60 R08: 0000000000000000 R09:
>>>>>>>> 00007f99faa18010
>>>>>>>> [ 3748.696493] R10: 0000000000000000 R11: 0000000000000246 R12:
>>>>>>>> 00007f99faa18010
>>>>>>>> [ 3748.703841] R13: 00005605e11c406f R14: 0000000000000001 R15:
>>>>>>>> 0000000000027100
>>>>>>>
>>>>>>> ORIG_RAX is 0, which matches sys_read.
>>>>>>> RDI is file descriptor 0x61
>>>>>>> RSI is plausibly a userspace pointer, 0x7f99faa18010
>>>>>>> RDX is the length, 0x27100 or 160kB.
>>>>>>>
>>>>>>> That all seems reasonable.
>>>>>>>
>>>>>>> What I really want to know is who is _holding_ the lock.  We stash
>>>>>>> a pointer to the task_struct in 'owner', so we could clearly find this
>>>>>>> out in the 'blocked for too long' report, and print their stack trace.
>>>>>>>
>>>>>> As described in the comment for __rwsem_set_reader_owned,it is hard to track
>>>>>> read owners.So we could not clearly find out who blocked the process,it was
>>>>>> caused by multiple tasks.
>>>>>
>>>>> Readers don't block readers.  You have a reader here, so it's being
>>>>> blocked by a writer.  And that writer's task_struct is stashed in
>>>>> rwsem->owner.  It would be nice if we dumped that information
>>>>> automatically ... but we don't do that today.  Perhaps you could
>>>>> grab that information from a crash dump if you have one.
>>>>>
>>>>>>> You must have done something like this already in order to deduce that
>>>>>>> it was the direct reclaim path that was the problem?
>>>>>>>
>>>>>> The method we used is to track the direct reclaim using the
>>>>>> trace_mm_vmscan_direct_reclaim_{begin,end} interface.When the problem
>>>>>> occurred,we could get a very large "nr_reclaimed" which is not a desirable
>>>>>> value for process except kswapd.
>>>>>
>>>>> I disagree.  If a process needs to allocate memory then it should be
>>>>> paying the cost of reclaiming that memory itself.  kswapd is a last
>>>>> resort to reclaim memory when we have a workload (eg a network router)
>>>>> that does its memory allocation primarily in interrupt context.
>>>>>
>>>> What's your opinion about this scan adjust issue? Is there a better way to
>>>> fix this issue?
>>>
>>> Yes, but we need you to gather more information about what's causing
>>> the issue before we can suggest what that is.
>>>
>> I think the following scenery triggers the scan adjust issue:
>> In function shrink_lruvec, we call get_scan_count and get the following
>> values:
>> targets[LRU_INACTIVE_ANON]=50000
>> targets[LRU_ACTIVE_ANON]=50000
>> targets[LRU_INACTIVE_FILE]=128
>> targets[LRU_ACTIVE_FILE]=129
>>
>> After the first scan, we get more than nr_to_reclaim pages, but the
>> percentage of scanning nr[LRU_INACTIVE_FILE+LRU_ACTIVE_FILE] is 256/257,
>>
>> Then when we scan adjust, we must scan(possibly reclaim)
>> 256*(50000+50000)/257-256=99354 pages, which is too large and would
>> waste too many time.
>> If it is not kswapd, it is unacceptable to reclaim so many pages.
>> So we should limit the number of pages of scan adjust.
> 
> IIUC commit 6eb90d649537 ("mm: vmscan: fix extreme overreclaim and
> swap floods") that was recently sent by Johannes [1] addresses a
> similar issue (reclaiming way beyond nr_to_reclaim when anon vs file
> LRU sizes are very different), but in a slightly different scenario.
> IIUC with Johannes's patch, scan adjustment is already limited for
> scenarios where scan_adjust (aka proportional_reclaim) is not
> initialized to true, which would be all cases except global direct
> reclaim on DEF_PRIORITY. Is my understanding here correct?
> 
Yes, this patch fix the same issue,let's talk this issue there.
> [1] https://lore.kernel.org/lkml/20220802162811.39216-1-hannes@cmpxchg.org/
>>
>> Thanks
>> Hongchen Zhang
>>
>>
> 
>
Mel Gorman Sept. 21, 2022, 9:13 a.m. UTC | #15 
On Tue, Sep 20, 2022 at 10:23:05AM +0800, Hongchen Zhang wrote:
> Hi Mel,
> 
> The scan adjust algorithm was originally introduced by you from
> commmit e82e0561dae9 ("mm: vmscan: obey proportional scanning requirements
> for kswapd"), any suggestion about this fix patch?
> In short, proportional scanning is not friendly to processes other than
> kswapd.
> 

I suspect that 6eb90d649537 ("mm: vmscan: fix extreme overreclaim and swap
floods") is a more appropriate fix. While it also has a fairness impact,
it's a more general approach that is likely more robust and while
fairness is important, completely thrashing a full LRU is neither fair
nor expected.
Hongchen Zhang Sept. 21, 2022, 10:14 a.m. UTC | #16 
Hi Mel,

Thanks for your reply.

On 2022/9/21 pm 5:13, Mel Gorman wrote:
> On Tue, Sep 20, 2022 at 10:23:05AM +0800, Hongchen Zhang wrote:
>> Hi Mel,
>>
>> The scan adjust algorithm was originally introduced by you from
>> commmit e82e0561dae9 ("mm: vmscan: obey proportional scanning requirements
>> for kswapd"), any suggestion about this fix patch?
>> In short, proportional scanning is not friendly to processes other than
>> kswapd.
>>
> 
> I suspect that 6eb90d649537 ("mm: vmscan: fix extreme overreclaim and swap
> floods") is a more appropriate fix. While it also has a fairness impact,
> it's a more general approach that is likely more robust and while
> fairness is important, completely thrashing a full LRU is neither fair
> nor expected.
> 
OK,got it. Let's wait for the 6eb90d649537 ("mm: vmscan: fix extreme 
overreclaim and swap floods") enter the stable repository.

Best Regards
Hongchen Zhang
diff mbox series

Patch

diff --git a/mm/vmscan.c b/mm/vmscan.c
index b2b1431352dc..07fb58db812b 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -3042,11 +3042,17 @@  static void shrink_lruvec(struct lruvec *lruvec, struct scan_control *sc)
 		nr[lru] = targets[lru] * (100 - percentage) / 100;
 		nr[lru] -= min(nr[lru], nr_scanned);
 
+		if (!current_is_kswapd())
+			nr[lru] = min(nr[lru], nr_to_reclaim);
+
 		lru += LRU_ACTIVE;
 		nr_scanned = targets[lru] - nr[lru];
 		nr[lru] = targets[lru] * (100 - percentage) / 100;
 		nr[lru] -= min(nr[lru], nr_scanned);
 
+		if (!current_is_kswapd())
+			nr[lru] = min(nr[lru], nr_to_reclaim);
+
 		scan_adjusted = true;
 	}
 	blk_finish_plug(&plug);