27 changes: 14 additions & 13 deletions .github/workflows/fuzz-smoke.yml
Expand Up @@ -14,6 +14,10 @@ permissions:
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
# Avoid EXDEV "cross-device link" errors on ephemeral runners where
# hostPath cache and overlay are on different filesystems
RUSTUP_HOME: /tmp/rustup
CARGO_HOME: /tmp/cargo

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
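Review bot: RUSTUP_HOME and CARGO_HOME are set for the whole workflow to fixed paths directly under /tmp, which is a predictable, shared location if this ever runs on a runner that is reused rather than ephemeral, and the toolchain and the installed cargo-fuzz binary are then executed from there. Consider creating a per-job directory in a first step and exporting both variables from it through GITHUB_ENV (for example under RUNNER_TEMP), and state in the comment that the /tmp choice relies on the runner being ephemeral.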
Expand All @@ -29,7 +33,11 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

- name: Install Rust nightly
run: rustup toolchain install nightly
run: |
# Pin nightly: cargo-fuzz 0.13.1 → rustix uses rustc_layout_scalar_valid_range_*
# attributes reserved after nightly-2026-04-27. Last known-good date.
rustup toolchain install nightly-2026-04-27
rustup default nightly-2026-04-27
Comment on lines +36 to +40
⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🌐 Web query:

Is Rust nightly-2026-04-27 currently available for download?

💡 Result:

Yes, the Rust nightly toolchain for 2026-04-27 is available [1]. You can install this specific version using the rustup toolchain manager by running the following command in your terminal: rustup toolchain install nightly-2026-04-27. This command instructs rustup to download and install the nightly compiler release corresponding to that specific date [2][3][4]. Once installed, you can use it by referencing the toolchain name directly (e.g., rustup run nightly-2026-04-27 cargo build) or by setting it as an override for a specific project directory [2][3]. Note that nightly toolchains are generated daily, and while a build exists for 2026-04-27 [1], it is possible for some nightly builds to be missing certain non-default components (such as clippy or rust-docs) depending on the build status for that day [5]. If you encounter issues with missing components, you can try using the --profile=minimal flag or check the build status via the rustup-components-history project [5].

🌐 Web query:

Does cargo-fuzz 0.13.1 have a known issue with rustix and rustc_layout_scalar_valid_range attributes in Rust nightly builds after April 2026?

💡 Result:

Yes, cargo-fuzz 0.13.1 has a known issue with Rust nightly builds from May 2026 [1]. This issue arises because the Rust compiler removed support for the internal rustc_layout_scalar_valid_range_* attributes [2][3][4], which were previously used by dependencies like rustix [1]. As of May 2026, the Rust compiler has fully deprecated and removed these internal attributes in favor of new pattern types [2][3][5]. Because cargo-fuzz 0.13.1 relies on older versions of its dependencies (such as rustix) that still utilize these now-removed attributes, the crate fails to compile on recent nightly toolchains [1]. Users encountering this error are advised to check for updates to cargo-fuzz or its dependencies that have migrated away from these internal compiler attributes [1].

Monitor for cargo-fuzz updates to resolve rustix compatibility and remove nightly pin.

The pinned nightly (2026-04-27) is ~19 days old. Rust nightlies are retained for ~90 days before expiring on distribution servers. Once this nightly expires, the workflow will fail. The pin exists because cargo-fuzz 0.13.1 depends on rustix, which uses the now-removed rustc_layout_scalar_valid_range_* internal compiler attributes. Track updates to cargo-fuzz that resolve this dependency issue, allowing migration away from a pinned nightly.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/fuzz-smoke.yml around lines 36 - 40, The workflow pins a
specific nightly via the rustup commands ("rustup toolchain install
nightly-2026-04-27" and "rustup default nightly-2026-04-27") because cargo-fuzz
0.13.1 pulls in rustix which uses the removed rustc_layout_scalar_valid_range_*
attributes; monitor cargo-fuzz (and rustix) releases for a version that removes
or replaces that dependency and, when available, drop the nightly pin by
removing those rustup lines and reverting to the project’s normal toolchain
selection so the workflow no longer depends on a time‑boxed nightly.


- name: Install cargo-fuzz
run: cargo install --locked cargo-fuzz
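Review bot: the pin comment ties the nightly date to cargo-fuzz 0.13.1, but the install step in the trailing context, `cargo install --locked cargo-fuzz`, does not fix a version, so a newer cargo-fuzz release would be picked up silently and the stated reason for the pin could go stale without anyone noticing. Consider `cargo install --locked --version 0.13.1 cargo-fuzz` and bumping the tool version and the nightly date together. The date is also written out twice in this step; a single env value (FUZZ_TOOLCHAIN, as a suggested name) would keep the two rustup lines in step.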
Expand All @@ -42,30 +50,23 @@ jobs:
# Create artifacts directory
mkdir -p artifacts

# Define all fuzz targets
# Fuzz targets that compile against cachekit-core 0.1.1.
# 9 encryption/advanced targets are disabled — cachekit-core API
# changed (encrypt_aes_gcm → encrypt_with_keys etc.) and the
# fuzz targets haven't been updated. See #114.
FUZZ_TARGETS=(
byte_storage_compress
byte_storage_decompress
encryption_roundtrip
byte_storage_corrupted_envelope
byte_storage_integer_overflow
byte_storage_checksum_collision
byte_storage_empty_data
byte_storage_format_injection
encryption_key_derivation
encryption_nonce_reuse
encryption_truncated_ciphertext
encryption_aad_injection
encryption_large_payload
integration_layered_security
)

# Run each target for 60 seconds
for target in "${FUZZ_TARGETS[@]}"; do
echo "Fuzzing $target (60s)..."

# Run fuzzing, capture exit code
if ! cargo +nightly fuzz run "$target" -- -max_total_time=60; then
if ! cargo +nightly-2026-04-27 fuzz run "$target" -- -max_total_time=60; then
echo "::warning::Fuzz target '$target' found potential issues"
# Continue to test other targets even if one fails
touch artifacts/.fuzz_failures
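Review bot: the new comment above FUZZ_TARGETS says 9 encryption/advanced targets are disabled but does not name them, so once this merges the workflow carries no record of which security-relevant paths (targets such as encryption_nonce_reuse, encryption_aad_injection and encryption_truncated_ciphertext) have lost smoke coverage. Keeping the disabled names as commented-out entries in the array next to the #114 reference would make the gap visible and re-enabling them a small diff. The run line also hard-codes nightly-2026-04-27 again although the install step already sets it as the rustup default; reference one variable instead of repeating the date.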
9 changes: 5 additions & 4 deletions rust/fuzz/Cargo.toml
Expand Up @@ -14,10 +14,11 @@ libfuzzer-sys = "0.4"
arbitrary = { version = "1", features = ["derive"] }
rmp-serde = "1"

[dependencies.cachekit-storage]
path = ".."
# Target pure Rust core without Python
default-features = false
# Fuzz targets use cachekit-core's internal module paths (byte_storage::, encryption::)
# not the thin PyO3 wrapper's flat re-exports.
[dependencies.cachekit_storage]
package = "cachekit-core"
version = "=0.1.1"
features = ["compression", "checksum", "messagepack", "encryption"]

# Prevent this from interfering with normal build
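Review bot: `default-features = false` is dropped from the [dependencies.cachekit_storage] block, so the fuzz build now enables whatever cachekit-core turns on by default in addition to the four listed features. If that is intended, say so in the comment; otherwise keep `default-features = false` next to `features`. With `path = ".."` replaced by `version = "=0.1.1"`, the fuzzers also exercise the published release rather than the working tree, so this exact pin needs a deliberate bump whenever the wrapper moves to a newer cachekit-core.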