Exit code 128 indicates an invalid exit argument or is the base value for signal-related container terminations. This error commonly occurs due to Git/SSH authentication failures during builds, invalid exit() arguments in scripts, volume mount issues, or OCI runtime errors.
Exit code 128 in Docker can have multiple meanings depending on the context: **1. Invalid exit argument**: In bash and POSIX shells, exit code 128 means "Invalid argument to exit." This occurs when a script calls `exit` with a non-integer argument (like `exit 3.14` or `exit "error"`) or a value outside the valid 0-255 range. **2. Base value for signal exits**: Exit codes in the 128+n range indicate the container was terminated by a signal, where n is the signal number. For example, exit code 137 (128+9) means SIGKILL, and 143 (128+15) means SIGTERM. A pure 128 exit code without signal offset typically indicates a startup failure before signals could be processed. **3. Git operation failures**: Exit code 128 is commonly associated with Git errors, particularly authentication failures when cloning repositories during Docker builds. This happens when SSH keys aren't available or Git credentials are missing. **4. OCI runtime errors**: The container runtime may return 128 when it cannot properly initialize or start the container due to configuration issues, missing dependencies, or permission problems.
First, examine the container logs to identify the root cause:
# View logs for a stopped container
docker logs <container_name_or_id>
# For more context, inspect the container state
docker inspect <container_name_or_id> --format='{{.State.ExitCode}} {{.State.Error}}'Look for specific error messages like "Permission denied", "Host key verification failed", or "repository not found".
If exit code 128 occurs during git clone in a Dockerfile, ensure proper SSH or HTTPS authentication:
# Option 1: Use BuildKit SSH forwarding
# syntax=docker/dockerfile:1
FROM alpine
RUN apk add --no-cache git openssh-client
RUN --mount=type=ssh git clone [email protected]:user/repo.gitBuild with SSH agent forwarding:
DOCKER_BUILDKIT=1 docker build --ssh default .Or use HTTPS with a personal access token:
ARG GITHUB_TOKEN
RUN git clone https://${GITHUB_TOKEN}@github.com/user/repo.gitEnsure all exit calls in your scripts use valid integer arguments (0-255):
# Incorrect - will cause exit code 128
exit "error"
exit 3.14
exit $undefined_variable # if unset, may expand to invalid value
# Correct usage
exit 0 # Success
exit 1 # Generic error
exit 2 # Misuse of commandTo debug, add set -x at the start of your script to trace execution and identify the failing exit call.
If containers exit with code 128 after system reboot, network volumes may not be ready:
# docker-compose.yml - add healthcheck and depends_on
services:
app:
image: myapp
depends_on:
volume-service:
condition: service_healthy
restart: on-failure:5
volume-service:
image: volume-checker
healthcheck:
test: ["CMD", "test", "-d", "/mnt/data"]
interval: 5s
timeout: 3s
retries: 10Alternatively, add a startup script that waits for volumes:
#!/bin/sh
until [ -d "/mnt/data" ]; do
echo "Waiting for volume..."
sleep 2
done
exec "$@"Git may refuse to operate if the directory owner differs from the current user (common with volume mounts):
# Inside the container, add the directory to Git's safe list
git config --global --add safe.directory /app
# Or in your Dockerfile
RUN git config --global --add safe.directory '*'This is especially common when running as root but the volume was created by another user.
For OCI runtime failures with exit code 128, check Docker daemon logs:
# View Docker daemon logs
sudo journalctl -u docker.service -n 50
# Check for containerd issues
sudo journalctl -u containerd.service -n 50Common fixes:
# Restart Docker daemon
sudo systemctl restart docker
# Update containerd and runc
sudo apt update && sudo apt upgrade containerd.io
# Clear potentially corrupted container state
docker system prune -fIf the container fails too quickly to debug, override the entrypoint:
# Run with shell to inspect the environment
docker run -it --entrypoint /bin/sh <image_name>
# Check if the original command exists and is executable
which <original_command>
ls -la /app/entrypoint.sh
# Test running the command manually
/app/entrypoint.shFor docker-compose, use:
services:
myapp:
entrypoint: ["sleep", "infinity"]Then exec into the container to debug.
Understanding the 128+n signal pattern: Exit codes 129-255 follow the formula 128+n, where n is the signal number. Common examples:
- 130 (128+2): SIGINT (Ctrl+C)
- 137 (128+9): SIGKILL (forced termination)
- 139 (128+11): SIGSEGV (segmentation fault)
- 143 (128+15): SIGTERM (graceful termination request)
A pure exit code 128 without signal offset typically indicates the failure happened before the main process could handle signals.
Docker BuildKit SSH agent: When using BuildKit for SSH-authenticated git clones, ensure your SSH agent has the required keys loaded:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa
DOCKER_BUILDKIT=1 docker build --ssh default .containerd compatibility: Some versions of docker-ce and containerd have compatibility issues. If you see "OCI runtime create failed" with exit code 128, try:
# Check versions
docker version
containerd --version
runc --version
# Ensure compatible versions are installed
sudo apt install docker-ce=<compatible_version>Systemd service ordering: For containers that depend on network mounts, ensure proper systemd ordering:
# /etc/systemd/system/docker-myapp.service
[Unit]
After=remote-fs.target docker.service
Requires=remote-fs.target docker.serviceimage operating system "linux" cannot be used on this platform
How to fix 'image operating system linux cannot be used on this platform' in Docker
manifest unknown: manifest unknown
How to fix 'manifest unknown' in Docker
cannot open '/etc/passwd': Permission denied
How to fix 'cannot open: Permission denied' in Docker
Error response from daemon: failed to create the ipvlan port
How to fix 'failed to create the ipvlan port' in Docker
toomanyrequests: Rate exceeded for anonymous users
How to fix 'Rate exceeded for anonymous users' in Docker Hub