[Bug-Candidate]: Echidna OOMs in optimization mode + sym-exec #1510
Description
Describe the issue:
The following command is crashing with OOM:
screen -d -L -m echidna tests/recon/CryticTester.sol --contract CryticTester --config echidna.yaml --sym-exec true --test-mode optimization --format text --workers 48 --test-limit 1000000000
System Logs:
[Sun Jan 4 04:36:28 2026] ghc_worker invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[Sun Jan 4 04:36:28 2026] CPU: 22 PID: 2812386 Comm: ghc_worker Not tainted 6.8.0-71-generic #71-Ubuntu
[Sun Jan 4 04:36:28 2026] Hardware name: Hetzner vServer/Standard PC (Q35 + ICH9, 2009), BIOS 20171111 11/11/2017
[Sun Jan 4 04:36:28 2026] Call Trace:
[Sun Jan 4 04:36:28 2026] <TASK>
[Sun Jan 4 04:36:28 2026] dump_stack_lvl+0x76/0xa0
[Sun Jan 4 04:36:28 2026] dump_stack+0x10/0x20
[Sun Jan 4 04:36:28 2026] dump_header+0x47/0x1f0
[Sun Jan 4 04:36:28 2026] oom_kill_process+0x118/0x280
[Sun Jan 4 04:36:28 2026] ? srso_alias_return_thunk+0x5/0xfbef5
[Sun Jan 4 04:36:28 2026] ? oom_evaluate_task+0x143/0x1e0
[Sun Jan 4 04:36:28 2026] out_of_memory+0x103/0x350
[Sun Jan 4 04:36:28 2026] __alloc_pages_may_oom+0x10c/0x1d0
[Sun Jan 4 04:36:28 2026] __alloc_pages_slowpath.constprop.0+0x420/0x9f0
[Sun Jan 4 04:36:28 2026] __alloc_pages+0x31f/0x350
[Sun Jan 4 04:36:28 2026] alloc_pages_mpol+0x91/0x210
[Sun Jan 4 04:36:28 2026] alloc_pages+0x5b/0xd0
[Sun Jan 4 04:36:28 2026] folio_alloc+0x15/0x40
[Sun Jan 4 04:36:28 2026] filemap_alloc_folio+0xf4/0x100
[Sun Jan 4 04:36:28 2026] __filemap_get_folio+0x195/0x2d0
[Sun Jan 4 04:36:28 2026] filemap_fault+0x15c/0x8e0
[Sun Jan 4 04:36:28 2026] ? srso_alias_return_thunk+0x5/0xfbef5
[Sun Jan 4 04:36:28 2026] __do_fault+0x3d/0x190
[Sun Jan 4 04:36:28 2026] do_read_fault+0x133/0x200
[Sun Jan 4 04:36:28 2026] do_fault+0xf0/0x260
[Sun Jan 4 04:36:28 2026] handle_pte_fault+0x114/0x1d0
[Sun Jan 4 04:36:28 2026] __handle_mm_fault+0x654/0x800
[Sun Jan 4 04:36:28 2026] handle_mm_fault+0x18a/0x380
[Sun Jan 4 04:36:28 2026] do_user_addr_fault+0x169/0x670
[Sun Jan 4 04:36:28 2026] exc_page_fault+0x83/0x1b0
[Sun Jan 4 04:36:28 2026] asm_exc_page_fault+0x27/0x30
[Sun Jan 4 04:36:28 2026] RIP: 0033:0x1ab5be0
[Sun Jan 4 04:36:28 2026] Code: Unable to access opcode bytes at 0x1ab5bb6.
[Sun Jan 4 04:36:28 2026] RSP: 002b:00007a98c200f8e8 EFLAGS: 00010206
[Sun Jan 4 04:36:28 2026] RAX: 3e9a1cfcb9d4acc2 RBX: 0f0f0f0f0f0f0f0f RCX: 0000000000000000
[Sun Jan 4 04:36:28 2026] RDX: 0f0f0f0f0f0f0f0f RSI: 0000000000000001 RDI: 00007a98c200f8f8
[Sun Jan 4 04:36:28 2026] RBP: 00007a98c200f900 R08: 0000000000000001 R09: 0000000000000000
[Sun Jan 4 04:36:28 2026] R10: 0000000000000001 R11: 0000000000000001 R12: 00000042556b88a8
[Sun Jan 4 04:36:28 2026] R13: 00007a98c2b743d8 R14: 00000042556b88a1 R15: 00000042c5f640c0
[Sun Jan 4 04:36:28 2026] </TASK>
[Sun Jan 4 04:36:28 2026] Mem-Info:
[Sun Jan 4 04:36:28 2026] active_anon:211616 inactive_anon:47658207 isolated_anon:0
active_file:429 inactive_file:562 isolated_file:0
unevictable:7829 dirty:0 writeback:0
slab_reclaimable:12334 slab_unreclaimable:70999
mapped:2361 shmem:1275 pagetables:94779
sec_pagetables:0 bounce:0
kernel_misc_reclaimable:0
free:212690 free_pcp:907 free_cma:0
[Sun Jan 4 04:36:28 2026] Node 0 active_anon:846464kB inactive_anon:190632828kB active_file:1716kB inactive_file:2248kB unevictable:31316kB isolated(anon):0kB isolated(file):0kB mapped:9444kB dirty:0kB writeback:0kB shmem:5100kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:14560kB pagetables:379116kB sec_pagetables:0kB all_unreclaimable? no
[Sun Jan 4 04:36:28 2026] Node 0 DMA free:11264kB boost:0kB min:4kB low:16kB high:28kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15996kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[Sun Jan 4 04:36:28 2026] lowmem_reserve[]: 0 1936 188624 188624 188624
[Sun Jan 4 04:36:28 2026] Node 0 DMA32 free:750904kB boost:0kB min:692kB low:2672kB high:4652kB reserved_highatomic:0KB active_anon:74932kB inactive_anon:1173588kB active_file:116kB inactive_file:1232kB unevictable:0kB writepending:0kB present:2076324kB managed:2010468kB mlocked:0kB bounce:0kB free_pcp:2056kB local_pcp:168kB free_cma:0kB
[Sun Jan 4 04:36:28 2026] lowmem_reserve[]: 0 0 186688 186688 186688
[Sun Jan 4 04:36:28 2026] Node 0 Normal free:88748kB boost:18432kB min:85316kB low:276484kB high:467652kB reserved_highatomic:0KB active_anon:772200kB inactive_anon:189458572kB active_file:1012kB inactive_file:420kB unevictable:31316kB writepending:0kB present:194510848kB managed:191177704kB mlocked:27316kB bounce:0kB free_pcp:1884kB local_pcp:0kB free_cma:0kB
[Sun Jan 4 04:36:28 2026] lowmem_reserve[]: 0 0 0 0 0
[Sun Jan 4 04:36:28 2026] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 2*4096kB (M) = 11264kB
[Sun Jan 4 04:36:28 2026] Node 0 DMA32: 76*4kB (UM) 295*8kB (UM) 123*16kB (UM) 87*32kB (UME) 65*64kB (UME) 60*128kB (UME) 56*256kB (UE) 47*512kB (UM) 25*1024kB (UME) 14*2048kB (UME) 156*4096kB (UM) = 750904kB
[Sun Jan 4 04:36:28 2026] Node 0 Normal: 2827*4kB (UE) 2192*8kB (UME) 1319*16kB (UME) 876*32kB (UME) 119*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 85596kB
[Sun Jan 4 04:36:28 2026] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[Sun Jan 4 04:36:28 2026] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[Sun Jan 4 04:36:28 2026] 4903 total pagecache pages
[Sun Jan 4 04:36:28 2026] 0 pages in swap cache
[Sun Jan 4 04:36:28 2026] Free swap = 0kB
[Sun Jan 4 04:36:28 2026] Total swap = 0kB
[Sun Jan 4 04:36:28 2026] 49150792 pages RAM
[Sun Jan 4 04:36:28 2026] 0 pages HighMem/MovableOnly
[Sun Jan 4 04:36:28 2026] 849909 pages reserved
[Sun Jan 4 04:36:28 2026] 0 pages hwpoisoned
[Sun Jan 4 04:36:28 2026] Tasks state (memory values in pages):
[Sun Jan 4 04:36:28 2026] [ pid ] uid tgid total_vm rss rss_anon rss_file rss_shmem pgtables_bytes swapents oom_score_adj name
[Sun Jan 4 04:36:28 2026] [ 1416] 101 1416 2455 384 192 192 0 65536 0 -900 dbus-daemon
[Sun Jan 4 04:36:28 2026] [ 1431] 0 1431 4549 192 192 0 0 77824 0 0 systemd-logind
[Sun Jan 4 04:36:28 2026] [ 1485] 0 1485 1430 0 0 0 0 57344 0 0 agetty
[Sun Jan 4 04:36:28 2026] [ 1494] 0 1494 27422 2880 2304 576 0 114688 0 0 unattended-upgr
[Sun Jan 4 04:36:28 2026] [ 1524] 0 1524 1526 0 0 0 0 57344 0 0 agetty
[Sun Jan 4 04:36:28 2026] [ 3030] 998 3030 4750 1248 288 960 0 81920 0 0 systemd-network
[Sun Jan 4 04:36:28 2026] [ 3042] 0 3042 14626 1542 192 1350 0 106496 0 -250 systemd-journal
[Sun Jan 4 04:36:28 2026] [ 4171] 0 4171 20178 1344 0 1344 0 61440 0 0 qemu-ga
[Sun Jan 4 04:36:28 2026] [ 4803] 997 4803 22756 1632 192 1440 0 86016 0 0 systemd-timesyn
[Sun Jan 4 04:36:28 2026] [ 4865] 0 4865 6192 960 288 672 0 77824 0 -1000 systemd-udevd
[Sun Jan 4 04:36:28 2026] [ 4972] 992 4972 5428 1728 576 1152 0 81920 0 0 systemd-resolve
[Sun Jan 4 04:36:28 2026] [ 9675] 103 9675 55627 2016 96 1920 0 81920 0 0 rsyslogd
[Sun Jan 4 04:36:28 2026] [ 13663] 0 13663 1706 672 0 672 0 65536 0 0 cron
[Sun Jan 4 04:36:28 2026] [ 13664] 0 13664 945 576 0 576 0 49152 0 0 atd
[Sun Jan 4 04:36:28 2026] [ 13671] 991 13671 77041 1632 192 1440 0 94208 0 0 polkitd
[Sun Jan 4 04:36:28 2026] [ 13672] 0 13672 55896 6624 4512 2112 0 110592 0 -1000 multipathd
[Sun Jan 4 04:36:28 2026] [ 13746] 1000 13746 5013 1344 384 960 0 81920 0 100 systemd
[Sun Jan 4 04:36:28 2026] [ 13747] 1000 13747 5287 641 353 288 0 73728 0 100 (sd-pam)
[Sun Jan 4 04:36:28 2026] [ 17647] 0 17647 3005 2208 192 2016 0 69632 0 -1000 sshd
[Sun Jan 4 04:36:28 2026] [1697845] 1000 1697845 2323 864 0 864 0 57344 0 200 dbus-daemon
[Sun Jan 4 04:36:28 2026] [1860018] 1000 1860018 1730116 3677 3677 0 0 1556480 0 0 forge
[Sun Jan 4 04:36:28 2026] [1927698] 1000 1927698 2106 672 0 672 0 61440 0 0 screen
[Sun Jan 4 04:36:28 2026] [1927700] 1000 1927700 677085 160648 159688 960 0 1662976 0 0 python3
[Sun Jan 4 04:36:28 2026] [2812320] 1000 2812320 2107 384 0 384 0 61440 0 0 screen
[Sun Jan 4 04:36:28 2026] [2812322] 1000 2812322 268476836 47691263 47691167 96 0 382648320 0 0 echidna
[Sun Jan 4 04:36:28 2026] [2819121] 1000 2819121 5312 2713 2233 480 0 90112 0 0 bitwuzla
[Sun Jan 4 04:36:28 2026] [2819304] 0 2819304 3402 1248 96 1152 0 69632 0 0 sshd
[Sun Jan 4 04:36:28 2026] [2819305] 0 2819305 3418 1152 96 1056 0 69632 0 0 sshd
[Sun Jan 4 04:36:28 2026] [2819306] 109 2819306 3038 1274 218 1056 0 65536 0 0 sshd
[Sun Jan 4 04:36:28 2026] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/user.slice/user-1000.slice/session-5692.scope,task=echidna,pid=2812322,uid=1000
[Sun Jan 4 04:36:28 2026] Out of memory: Killed process 2812322 (echidna) total-vm:1073907344kB, anon-rss:190764668kB, file-rss:384kB, shmem-rss:0kB, UID:1000 pgtables:373680kB oom_score_adj:0
[Sun Jan 4 04:36:35 2026] oom_reaper: reaped process 2812322 (echidna), now anon-rss:0kB, file-rss:384kB, shmem-rss:0kB
[Sun Jan 4 13:34:39 2026] audit: type=1400 audit(1767533701.055:228): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=2828503 comm="cursor-sandbox" requested="userns_create" target="unprivileged_userns"
System info
vCPUs: 48
Model name: AMD EPYC-Milan Processor
Thread(s) per core: 2
Core(s) per socket: 24
Socket(s): 1
RAM: 184Gi
Disk: 902G
Code example to reproduce the issue:
N/A (closed source)
Version:
Echidna 2.3.0
Relevant log output:
[2026-01-04 04:35:00.28] [status] tests: 0/2, fuzzing: 70008617/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 33553702577
[2026-01-04 04:35:03.29] [status] tests: 0/2, fuzzing: 70023590/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 31264439928
[2026-01-04 04:35:06.29] [status] tests: 0/2, fuzzing: 70040526/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 34438807863
[2026-01-04 04:35:09.31] [status] tests: 0/2, fuzzing: 70057582/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 34109571695
[2026-01-04 04:35:12.31] [status] tests: 0/2, fuzzing: 70073878/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 32749326569
[2026-01-04 04:35:15.33] [status] tests: 0/2, fuzzing: 70090206/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 33134254502
[2026-01-04 04:35:18.34] [status] tests: 0/2, fuzzing: 70106383/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 32874810406
[2026-01-04 04:35:21.35] [status] tests: 0/2, fuzzing: 70122248/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 32532410039
[2026-01-04 04:35:24.35] [status] tests: 0/2, fuzzing: 70138198/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 32764331020
[2026-01-04 04:35:27.36] [status] tests: 0/2, fuzzing: 70154077/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 32497774078
[2026-01-04 04:35:30.37] [status] tests: 0/2, fuzzing: 70169910/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 33036810897
[2026-01-04 04:35:33.37] [status] tests: 0/2, fuzzing: 70185909/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 32961770872
[2026-01-04 04:35:36.37] [status] tests: 0/2, fuzzing: 70202506/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 33866628060
[2026-01-04 04:35:39.41] [status] tests: 0/2, fuzzing: 70218653/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 33540314382
[2026-01-04 04:35:42.41] [status] tests: 0/2, fuzzing: 70234839/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 33241268061
[2026-01-04 04:35:45.43] [status] tests: 0/2, fuzzing: 70251776/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 33907406060
[2026-01-04 04:35:48.92] [status] tests: 0/2, fuzzing: 70258701/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 14228445952
[2026-01-04 04:35:52.05] [status] tests: 0/2, fuzzing: 70260973/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 4842157441
[2026-01-04 04:36:41.33] [status] tests: 0/2, fuzzing: 70263760/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 343146048
[2026-01-04 04:36:44.59] [status] tests: 0/2, fuzzing: 70265237/1000000000, values: [1,1420864452355], cov: 69357, corpus: 93, gas/s: 2330491324