Docker Desktop 4.64 and 4.65 exhausting file descriptors with VirtioFS #218
Description
Bug report
When running Docker Desktop and using docker compose up that Virtualization.framework goes from using around 30 file descriptors to over 230.000. I've tried to bump my maximum ulimit to around 500.000 but the system still exhausts this.
I tried to switch from VirtioFS to the older gRPC Fuse but the system is still eating up file descriptors, albeit at a slower rate.
I'm running a Macbook Pro M4 Max with 128GB and when this happens, macOS starts shutting down apps at random and becomes very unresponsive.
Here is a debug command crafted with the help of Claude:
sudo lsof -n 2>/dev/null | awk '{print $2}' | sort | uniq -c | sort -rn | head -20 | while read count pid; do
name=$(ps -p "$pid" -o comm= 2>/dev/null || echo "dead")
printf "%6d %6d %s\n" "$count" "$pid" "$name"
done
232419 4989 /System/Library/Frameworks/Virtualization.framework/Versions/A/XPCServices/com.apple.Virtualization.VirtualMachine.xpc/Contents/MacOS/com.apple.Virtualization.VirtualMachine
Downgrading to 4.64 seems to help if I also switch to gRPC Fuse. If I switch back to VirtioFS, the File Descriptors are immediately exhausted.
Sorry,
Platform
macOS
Version information
(Note: this is from the downgraded version).
Client:
Version: 29.2.1
API version: 1.53
Go version: go1.25.6
Git commit: a5c7197
Built: Mon Feb 2 17:16:37 2026
OS/Arch: darwin/arm64
Context: desktop-linux
Server: Docker Desktop 4.64.0 (221278)
Engine:
Version: 29.2.1
API version: 1.53 (minimum version 1.44)
Go version: go1.25.6
Git commit: 6bc6209
Built: Mon Feb 2 17:16:47 2026
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: v2.2.1
GitCommit: dea7da592f5d1d2b7755e3a161be07f43fad8f75
runc:
Version: 1.3.4
GitCommit: v1.3.4-0-gd6d73eb8
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Client:
Version: 29.2.1
Context: desktop-linux
Debug Mode: false
Plugins:
agent: create or run AI agents (Docker Inc.)
Version: v1.27.1
Path: /Users/mike/.docker/cli-plugins/docker-agent
ai: Docker AI Agent - Ask Gordon (Docker Inc.)
Version: v1.18.0
Path: /Users/mike/.docker/cli-plugins/docker-ai
buildx: Docker Buildx (Docker Inc.)
Version: v0.31.1-desktop.1
Path: /Users/mike/.docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v5.1.0
Path: /Users/mike/.docker/cli-plugins/docker-compose
debug: Get a shell into any image or container (Docker Inc.)
Version: 0.0.47
Path: /Users/mike/.docker/cli-plugins/docker-debug
desktop: Docker Desktop commands (Docker Inc.)
Version: v0.3.0
Path: /Users/mike/.docker/cli-plugins/docker-desktop
dhi: CLI for managing Docker Hardened Images (Docker Inc.)
Version: v0.0.1
Path: /Users/mike/.docker/cli-plugins/docker-dhi
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.31
Path: /Users/mike/.docker/cli-plugins/docker-extension
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v1.4.0
Path: /Users/mike/.docker/cli-plugins/docker-init
mcp: Docker MCP Plugin (Docker Inc.)
Version: v0.40.2
Path: /Users/mike/.docker/cli-plugins/docker-mcp
model: Docker Model Runner (Docker Inc.)
Version: v1.1.5
Path: /Users/mike/.docker/cli-plugins/docker-model
offload: Docker Offload (Docker Inc.)
Version: v0.5.56
Path: /Users/mike/.docker/cli-plugins/docker-offload
pass: Docker Pass Secrets Manager Plugin (beta) (Docker Inc.)
Version: v0.0.24
Path: /Users/mike/.docker/cli-plugins/docker-pass
sandbox: Docker Sandbox (Docker Inc.)
Version: v0.12.0
Path: /Users/mike/.docker/cli-plugins/docker-sandbox
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
Path: /Users/mike/.docker/cli-plugins/docker-sbom
scout: Docker Scout (Docker Inc.)
Version: v1.20.0
Path: /Users/mike/.docker/cli-plugins/docker-scout
Server:
Containers: 8
Running: 8
Paused: 0
Stopped: 0
Images: 6
Server Version: 29.2.1
Storage Driver: overlayfs
driver-type: io.containerd.snapshotter.v1
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
CDI spec directories:
/etc/cdi
/var/run/cdi
Discovered Devices:
cdi: docker.com/gpu=webgpu
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: dea7da592f5d1d2b7755e3a161be07f43fad8f75
runc version: v1.3.4-0-gd6d73eb8
init version: de40ad0
Security Options:
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.12.72-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: aarch64
CPUs: 4
Total Memory: 39.11GiB
Name: docker-desktop
ID: 0531a68f-6f50-4caf-804a-6a30d574d414
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Labels:
com.docker.desktop.address=unix:///Users/mike/Library/Containers/com.docker.docker/Data/docker-cli.sock
Experimental: false
Insecure Registries:
hubproxy.docker.internal:5555
::1/128
127.0.0.0/8
Live Restore Enabled: false
Firewall Backend: iptablesDiagnostics ID
BA483284-14B8-445B-AFCC-14BCC1069E51/20260320123823