nerdctl delete containers results in a large number of residual containerd-shim processes #4697

@happyzzz1997

Description

When using the nerdctl rm -f command to delete a container, I found that the containerd task and containerd-shim processes remained. I attempted to clear the /var/lib/containerd directory and restart the containerd service, but the residual containerd-shim processes still persisted. However, when I used ctr -n k8s.io tasks kill/delete followed by ctr -n k8s.io containers delete, no residual issues occurred. My questions are: (1) What causes the residual containerd-shim processes? (2) How can these residual processes be safely and effectively cleaned up when they have already occurred?

[root@ning204 ~]# systemctl status containerd
● containerd.service - containerd container runtime
     Loaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; vendor preset: disabled)
    Drop-In: /etc/systemd/system/containerd.service.d
             └─restart.conf
     Active: active (running) since Tue 2026-01-13 15:17:47 CST; 14s ago
       Docs: https://containerd.io
   Main PID: 3259117 (containerd)
      Tasks: 88
     Memory: 383.6M
     CGroup: /system.slice/containerd.service
             ├─ 2816714 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 72567bbb3c070443708208da220c783b4c62829c0f9f44a50723f0674b87314c -address /run/containerd/containerd.s>
             ├─ 2816716 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 2036122317d6e8e2ccfef46bbc373305f4e2f308c5c38d9158c8f2310e9afb15 -address /run/containerd/containerd.s>
             ├─ 2816975 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 632b6b3abb7eac74726a360bf02b3c1db335c240b0de9405a0977ecf6b02607f -address /run/containerd/containerd.s>
             ├─ 2818172 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id c86ce7ea5fa5dec839e484321bd18f8a1839c434bfde68e18b7cc08fed94c824 -address /run/containerd/containerd.s>
             ├─ 2820633 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id fc7c124eb25715a4cdca1472eeef8cd3249bbbc542783b33f41422899af1a20b -address /run/containerd/containerd.s>
             ├─ 2826317 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 4a73d50aca64adad8cdc94e38bf6506597e549562cd6816fa32c58a8f275cda5 -address /run/containerd/containerd.s>
             └─ 3259117 /usr/bin/containerd

1月 13 15:17:47 ning204 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
1月 13 15:17:47 ning204 systemd[1]: containerd.service: Found left-over process 2816975 (containerd-shim) in control group while starting unit. Ignoring.
1月 13 15:17:47 ning204 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
1月 13 15:17:47 ning204 systemd[1]: containerd.service: Found left-over process 2818172 (containerd-shim) in control group while starting unit. Ignoring.
1月 13 15:17:47 ning204 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
1月 13 15:17:47 ning204 systemd[1]: containerd.service: Found left-over process 2820633 (containerd-shim) in control group while starting unit. Ignoring.
1月 13 15:17:47 ning204 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
1月 13 15:17:47 ning204 systemd[1]: containerd.service: Found left-over process 2826317 (containerd-shim) in control group while starting unit. Ignoring.
1月 13 15:17:47 ning204 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
1月 13 15:17:47 ning204 systemd[1]: Started containerd container runtime. 

Steps to reproduce the issue

  1. systemctl stop kubelet
  2. Execute nerdctl rm -f to delete containers and clear all containers in the environment.
  3. Clear the /var/lib/containerd directory and restart the containerd service.
    Execute systemctl status containerd and occasionally see containerd-shim remnants.
    Execute ctr -n k8s.io task ls to see task remnants, occasionally observing task remnants.

Describe the results you received and expected

  1. I would like to know the reasons for process remnants, and whether nerdctl has any methods to avoid them.
  2. How to safely and effectively clean up these residual processes in an environment where they have already occurred.

What version of nerdctl are you using?

[root@ning204 ~]# nerdctl -v
nerdctl version 2.1.3

[root@ning204 ~]# containerd -v
containerd github.com/containerd/containerd v1.7.28 b98a3aace656320842a23f4a392a33f46af97866
[root@ning204 ~]#
[root@ning204 ~]# runc -v
runc version 1.3.1
commit: v1.3.1-0-ge6457afc
spec: 1.2.1
go: go1.23.12
libseccomp: 2.5.6

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

None

Host information

No response
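
An added triage example, not part of the original report and not nerdctl or containerd code: it correlates the shim list and systemd's "left-over process" messages from `systemctl status containerd` with `ctr -n k8s.io task ls`, so each shim is classified before any cleanup is attempted. The sample text is constructed (shortened placeholder IDs), and the `triage` function and its field names are hypothetical.

```python
import re

# Constructed sample modelled on the `systemctl status containerd` output in
# the report; the container IDs are shortened placeholders, not real values.
STATUS = """\
     CGroup: /system.slice/containerd.service
             ├─ 2816714 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id aaaa1111 -address /run/containerd/containerd.s>
             ├─ 2816975 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id bbbb2222 -address /run/containerd/containerd.s>
             ├─ 2818172 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id cccc3333 -address /run/containerd/containerd.s>
             └─ 3259117 /usr/bin/containerd

Jan 13 15:17:47 host systemd[1]: containerd.service: Found left-over process 2816975 (containerd-shim) in control group while starting unit. Ignoring.
Jan 13 15:17:47 host systemd[1]: containerd.service: Found left-over process 2818172 (containerd-shim) in control group while starting unit. Ignoring.
"""

# Constructed `ctr -n k8s.io task ls` output (columns: TASK, PID, STATUS).
TASKS = """\
TASK        PID        STATUS
bbbb2222    2817001    RUNNING
"""

SHIM_RE = re.compile(r"(\d+)\s+\S*containerd-shim\S*\s+-namespace\s+(\S+)\s+-id\s+(\S+)")
LEFTOVER_RE = re.compile(r"Found left-over process (\d+) \(containerd-shim\)")


def triage(status_text, task_ls_text, namespace="k8s.io"):
    """Classify every shim in the containerd cgroup for one namespace."""
    # PIDs systemd flagged at unit start. `systemctl status` shows only the
    # journal tail, so a missing PID is inconclusive, not proof of a clean shim.
    leftover = {int(p) for p in LEFTOVER_RE.findall(status_text)}
    # Task IDs containerd still tracks (first column, header row skipped).
    tasks = {ln.split()[0] for ln in task_ls_text.splitlines()[1:] if ln.strip()}
    rows = []
    for pid, ns, cid in SHIM_RE.findall(status_text):
        if ns != namespace:
            continue
        rows.append({
            "pid": int(pid),
            "id": cid,
            "flagged_left_over": int(pid) in leftover,
            "has_task": cid in tasks,  # False: shim alive, no task record
        })
    return sorted(rows, key=lambda r: r["pid"])


if __name__ == "__main__":
    for row in triage(STATUS, TASKS):
        print(row)
```

On a live host, the two inputs can be captured with `systemctl status containerd --no-pager --full` and `ctr -n k8s.io task ls`.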
