Description
When using the nerdctl rm -f command to delete a container, I found that the containerd task and containerd-shim processes remained. I attempted to clear the /var/lib/containerd directory and restart the containerd service, but the residual containerd-shim processes still persisted. However, when I used ctr -n k8s.io tasks kill/delete followed by ctr -n k8s.io containers delete , no residual issues occurred. My questions are: (1) What causes the residual containerd-shim processes? (2) How can these residual processes be safely and effectively cleaned up when they have already occurred?
[root@ning204 ~]# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/containerd.service.d
└─restart.conf
Active: active (running) since Tue 2026-01-13 15:17:47 CST; 14s ago
Docs: https://containerd.io
Main PID: 3259117 (containerd)
Tasks: 88
Memory: 383.6M
CGroup: /system.slice/containerd.service
├─ 2816714 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 72567bbb3c070443708208da220c783b4c62829c0f9f44a50723f0674b87314c -address /run/containerd/containerd.s>
├─ 2816716 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 2036122317d6e8e2ccfef46bbc373305f4e2f308c5c38d9158c8f2310e9afb15 -address /run/containerd/containerd.s>
├─ 2816975 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 632b6b3abb7eac74726a360bf02b3c1db335c240b0de9405a0977ecf6b02607f -address /run/containerd/containerd.s>
├─ 2818172 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id c86ce7ea5fa5dec839e484321bd18f8a1839c434bfde68e18b7cc08fed94c824 -address /run/containerd/containerd.s>
├─ 2820633 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id fc7c124eb25715a4cdca1472eeef8cd3249bbbc542783b33f41422899af1a20b -address /run/containerd/containerd.s>
├─ 2826317 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 4a73d50aca64adad8cdc94e38bf6506597e549562cd6816fa32c58a8f275cda5 -address /run/containerd/containerd.s>
└─ 3259117 /usr/bin/containerd
1月 13 15:17:47 ning204 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
1月 13 15:17:47 ning204 systemd[1]: containerd.service: Found left-over process 2816975 (containerd-shim) in control group while starting unit. Ignoring.
1月 13 15:17:47 ning204 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
1月 13 15:17:47 ning204 systemd[1]: containerd.service: Found left-over process 2818172 (containerd-shim) in control group while starting unit. Ignoring.
1月 13 15:17:47 ning204 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
1月 13 15:17:47 ning204 systemd[1]: containerd.service: Found left-over process 2820633 (containerd-shim) in control group while starting unit. Ignoring.
1月 13 15:17:47 ning204 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
1月 13 15:17:47 ning204 systemd[1]: containerd.service: Found left-over process 2826317 (containerd-shim) in control group while starting unit. Ignoring.
1月 13 15:17:47 ning204 systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
1月 13 15:17:47 ning204 systemd[1]: Started containerd container runtime.
Steps to reproduce the issue
- systemctl stop kubelet
- Execute nerdctl rm -f to delete containers and clear all containers in the environment.
- Clear the /var/lib/containerd directory and restart the containerd service.
Execute systemctl status containerd and occasionally see containerd-shim remnants.
Execute ctr -n k8s.io task ls to see task remnants, occasionally observing task remnants.
Describe the results you received and expected
- I would like to know the reasons for process remnants, and whether nerdctl has any methods to avoid them.
- How to safely and effectively clean up these residual processes in an environment where they have already occurred.
What version of nerdctl are you using?
[root@ning204 ~]# nerdctl -v
nerdctl version 2.1.3
[root@ning204 ~]# containerd -v
containerd github.com/containerd/containerd v1.7.28 b98a3aace656320842a23f4a392a33f46af97866
[root@ning204 ~]#
[root@ning204 ~]# runc -v
runc version 1.3.1
commit: v1.3.1-0-ge6457afc
spec: 1.2.1
go: go1.23.12
libseccomp: 2.5.6
Are you using a variant of nerdctl? (e.g., Rancher Desktop)
None
Host information
No response
Description
When using the nerdctl rm -f command to delete a container, I found that the containerd task and containerd-shim processes remained. I attempted to clear the /var/lib/containerd directory and restart the containerd service, but the residual containerd-shim processes still persisted. However, when I used ctr -n k8s.io tasks kill/delete followed by ctr -n k8s.io containers delete , no residual issues occurred. My questions are: (1) What causes the residual containerd-shim processes? (2) How can these residual processes be safely and effectively cleaned up when they have already occurred?
Steps to reproduce the issue
Execute systemctl status containerd and occasionally see containerd-shim remnants.
Execute ctr -n k8s.io task ls to see task remnants, occasionally observing task remnants.
Describe the results you received and expected
What version of nerdctl are you using?
[root@ning204 ~]# nerdctl -v
nerdctl version 2.1.3
[root@ning204 ~]# containerd -v
containerd github.com/containerd/containerd v1.7.28 b98a3aace656320842a23f4a392a33f46af97866
[root@ning204 ~]#
[root@ning204 ~]# runc -v
runc version 1.3.1
commit: v1.3.1-0-ge6457afc
spec: 1.2.1
go: go1.23.12
libseccomp: 2.5.6
Are you using a variant of nerdctl? (e.g., Rancher Desktop)
None
Host information
No response