Description
Build fails because dockerd segfaults. This happens with a very specific invalid .gitignore and some copy statements in Dockerfile.
Minimal config to reproduce is below.
Tried with 28.5.2, 29.2.1, 29.3.0.
Reproduce
.dockerignore contains:
(which is not a valid pattern and causes a validation error, except in these circumstances)
Dockerfile contains:
FROM python:3.12-slim
WORKDIR /app
COPY a a
COPY b b
Build it:
docker build .
Build fails with:
ERROR: failed to build: failed to receive status: rpc error: code = Unavailable desc = error reading from server: EOF
The log shows a segfault in dockerd, causing the service to restart:
journalctl -u docker.service -f
dockerd[423967]: panic: runtime error: invalid memory address or nil pointer dereference
dockerd[423967]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x90 pc=0x557e0f7ebf80]
dockerd[423967]: goroutine 1241 [running]:
dockerd[423967]: regexp.(*Regexp).doExecute(0x557e11b285a0?, {0x0?, 0x0?}, {0x0?, 0x557e11922650?, 0x557e11922650?}, {0xc0009d3db0?, 0xc000061778?}, 0x557e0f6d0d99?, 0x0, ...)
dockerd[423967]: /usr/local/go/src/regexp/exec.go:527 +0x80
dockerd[423967]: regexp.(*Regexp).doMatch(...)
dockerd[423967]: /usr/local/go/src/regexp/exec.go:514
dockerd[423967]: regexp.(*Regexp).MatchString(...)
dockerd[423967]: /usr/local/go/src/regexp/regexp.go:527
dockerd[423967]: github.com/moby/patternmatcher.(*Pattern).match(0x557e11922650?, {0xc0009d3db0, 0x1})
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/patternmatcher/patternmatcher.go:334 +0x26b
dockerd[423967]: github.com/moby/patternmatcher.(*PatternMatcher).MatchesOrParentMatches(0xc000d761e0, {0xc0009d3db0, 0x1})
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/patternmatcher/patternmatcher.go:142 +0xda
dockerd[423967]: github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb.validateCopySourcePath({0xc0009d3db0, 0x1}, 0xc0000621f8)
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go:2023 +0x55
dockerd[423967]: github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb.dispatchCopy(_, {{{0xc0009d3dc0, 0x1}, {0xc0009b5d10, 0x1, 0x1}, {0x0, 0x0, 0x0}}, {0x0, ...}, ...})
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go:1607 +0xd5c
dockerd[423967]: github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb.dispatch(_, {{_, _}, {_, _, _}, _}, {0xc000aab6a0, {0x557e1214c560, 0xc0007b79e0}, ...})
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go:1004 +0xafb
dockerd[423967]: github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb.toDispatchState({_, _}, {_, _, _}, {{0xc000d5c8d0, {0x0, 0x0}, {0x0, 0x0}, ...}, ...})
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go:731 +0x3926
dockerd[423967]: github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb.Dockerfile2LLB({_, _}, {_, _, _}, {{0xc000d5c8d0, {0x0, 0x0}, {0x0, 0x0}, ...}, ...})
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go:90 +0x65
dockerd[423967]: github.com/moby/buildkit/frontend/dockerfile/builder.Build.func6({0x557e121613e0, 0xc000cfd590}, 0x0, 0x557e0f64accb?)
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go:136 +0xfe
dockerd[423967]: github.com/moby/buildkit/frontend/dockerui.(*Client).Build.func1()
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/buildkit/frontend/dockerui/build.go:39 +0x71
dockerd[423967]: golang.org/x/sync/errgroup.(*Group).Go.func1()
dockerd[423967]: /root/build-deb/engine/vendor/golang.org/x/sync/errgroup/errgroup.go:93 +0x50
dockerd[423967]: created by golang.org/x/sync/errgroup.(*Group).Go in goroutine 1136
dockerd[423967]: /root/build-deb/engine/vendor/golang.org/x/sync/errgroup/errgroup.go:78 +0x95
systemd[1]: docker.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
systemd[1]: docker.service: Failed with result 'exit-code'.
Expected behavior
Error for invalid pattern in .dockerignore.
If I remove one of the copy statements from Dockerfile, I get expected error:
ERROR: failed to build: failed to solve: error from sender: failed to match excludepatterns: syntax error in pattern
docker version
Client: Docker Engine - Community
Version: 29.3.0
API version: 1.54
Go version: go1.25.7
Git commit: 5927d80
Built: Thu Mar 5 14:25:43 2026
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 29.3.0
API version: 1.54 (minimum version 1.40)
Go version: go1.25.7
Git commit: 83bca51
Built: Thu Mar 5 14:25:43 2026
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v2.2.2
GitCommit: 301b2dac98f15c27117da5c8af12118a041a31d9
runc:
Version: 1.3.4
GitCommit: v1.3.4-0-gd6d73eb8
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info
Client: Docker Engine - Community
Version: 29.3.0
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.31.1
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v5.1.1
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 10
Server Version: 29.3.0
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
CDI spec directories:
/etc/cdi
/var/run/cdi
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 301b2dac98f15c27117da5c8af12118a041a31d9
runc version: v1.3.4-0-gd6d73eb8
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.1.0-30-cloud-amd64
Operating System: Debian GNU/Linux 12 (bookworm)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.767GiB
Name: pitchomatic
ID: fbc54e0e-9b06-4058-b8ac-3648f833ee5b
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
::1/128
127.0.0.0/8
Live Restore Enabled: false
Firewall Backend: iptables
Additional Info
No response
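The trace in this report is a nil pointer dereference inside regexp.(*Regexp).MatchString, reached from patternmatcher.(*Pattern).match, and it only occurs with a second COPY. The Go program below is an added illustration, not moby/patternmatcher code and not a confirmed root cause: it shows one failure class with that shape, a lazily compiled pattern that forgets a failed compile, next to a hardened variant. The names lazyPattern, matchUnsafe, matchSafe and secondCallPanics are hypothetical, and the expression "a[" is a constructed invalid input, not the .dockerignore content from the report.

```go
package main

import "path/filepath"
import "regexp"

// lazyPattern is a hypothetical matcher (not the moby/patternmatcher type).
type lazyPattern struct {
	expr     string
	compiled bool           // true once compilation was attempted
	re       *regexp.Regexp // stays nil when compilation failed
}

// matchUnsafe forgets a failed compile: the next call skips compilation and
// calls MatchString on a nil *Regexp, which panics.
func (p *lazyPattern) matchUnsafe(path string) (bool, error) {
	if !p.compiled {
		p.compiled = true
		if p.re, _ = regexp.Compile(p.expr); p.re == nil {
			return false, filepath.ErrBadPattern
		}
	}
	return p.re.MatchString(path), nil
}

// matchSafe re-checks the compiled state on every call.
func (p *lazyPattern) matchSafe(path string) (bool, error) {
	if !p.compiled {
		p.compiled = true
		p.re, _ = regexp.Compile(p.expr)
	}
	if p.re == nil {
		return false, filepath.ErrBadPattern
	}
	return p.re.MatchString(path), nil
}

// secondCallPanics matches two paths, as two COPY sources would.
func secondCallPanics(match func(string) (bool, error)) (panicked bool) {
	defer func() { panicked = recover() != nil }()
	match("a")
	match("b")
	return false
}

func main() {
	bad := "a[" // constructed invalid expression, not the one from the report
	println("unsafe panics:", secondCallPanics((&lazyPattern{expr: bad}).matchUnsafe))
	println("safe panics:  ", secondCallPanics((&lazyPattern{expr: bad}).matchSafe))
}
```

In a long-running daemon the hardened form turns a process crash into a per-request error; a recover() at the request boundary is a second layer, not a replacement for the state check.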