The 'failed to create containerd task: failed to create shim task' error occurs when Docker's containerd runtime cannot initialize the container process. This is typically caused by service issues, permission problems, corrupted containers, or version incompatibilities between containerd and runc.
This error indicates that Docker's underlying container runtime (containerd) failed to create the necessary task and shim process required to start your container. The containerd shim is a small process that acts as an intermediary between containerd and the actual container runtime (runc). When you see this error, it means the container startup sequence failed at a critical point - after the image was pulled but before the container process could actually be spawned. The shim process is responsible for handling stdin/stdout/stderr for the container and keeping the container running even if containerd restarts. The full error often includes additional context like "OCI runtime create failed" or "runc create failed", which points to the specific component that encountered the issue. Common root causes include containerd service not running properly, file system or permission issues, corrupted container state, or version mismatches between Docker components.
First, verify that the containerd service is running properly:
```bash
# Check containerd status
sudo systemctl status containerd
# If not running, start it
sudo systemctl start containerd
# Check for errors in the logs
sudo journalctl -u containerd -n 50 --no-pager
```
If containerd shows as failed or inactive, check the logs for specific error messages that indicate the root cause.
A service restart often resolves transient issues:
```bash
# Restart both services
sudo systemctl restart containerd
sudo systemctl restart docker
# Verify both are running
sudo systemctl status containerd docker
```
Wait a few seconds after restarting before attempting to run containers again.
Corrupted containers or Docker state can cause shim creation failures:
```bash
# Stop all running containers
docker stop $(docker ps -q) 2>/dev/null
# Remove all stopped containers
docker container prune -f
# Clean up unused images and networks
docker system prune -f
# For more aggressive cleanup (removes unused volumes too)
docker system prune -a --volumes -f
```
Warning: The last command removes all unused volumes. Only use if you don't need to preserve volume data.
Insufficient disk space or filesystem issues can prevent container creation:
```bash
# Check available disk space
df -h /var/lib/docker
df -h /var/lib/containerd
# Check that the filesystem is writable (a failure here points to filesystem errors or a read-only mount)
sudo touch /var/lib/docker/.test && sudo rm /var/lib/docker/.test
```
Docker typically requires at least 1-2GB of free space. If space is low, clean up old images and containers.
Version mismatches can cause compatibility issues:
```bash
# Check versions
docker version
containerd --version
runc --version
# If versions are mismatched after an update, consider:
# 1. Update all components together
sudo apt update && sudo apt upgrade docker-ce docker-ce-cli containerd.io
# 2. Or rollback to a known working version
# (check your package manager for available versions)
```
Known problematic versions include containerd 2.0.x with older Docker versions, and containerd 1.7.24.x which had reported issues.
Security modules can block container creation:
```bash
# Check SELinux status (RHEL/CentOS/Fedora)
getenforce
# Temporarily set to permissive for testing
sudo setenforce 0
# Check AppArmor status (Ubuntu/Debian)
sudo aa-status
# Check Docker's AppArmor profile
sudo aa-status | grep docker
```
If relaxing a security module fixes the issue, configure proper policies rather than leaving enforcement off permanently.
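To see what a security module is actually blocking before relaxing it, the following added example (not part of the original page) filters SELinux AVC and AppArmor denial records down to those raised against container runtime processes. The log lines are constructed samples, and the helper name `runtime_denials` is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: list SELinux/AppArmor denials that hit the container runtime,
# so the blocking rule can be found without turning enforcement off.

# Constructed sample records in audit.log / kernel-log format (not real data).
SAMPLE_LOG='type=AVC msg=audit(1700000000.123:456): avc:  denied  { read } for  pid=1234 comm="runc:[2:INIT]" name="config.json" scontext=system_u:system_r:container_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000001.200:457): avc:  denied  { write } for  pid=999 comm="httpd" name="app.log" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
audit: type=1400 audit(1700000002.456:789): apparmor="DENIED" operation="mount" profile="docker-default" name="/proc/sys/" pid=2345 comm="runc:[2:INIT]" flags="rw"
audit: type=1400 audit(1700000003.000:790): apparmor="ALLOWED" operation="open" profile="docker-default" name="/etc/hosts" pid=2346 comm="cat"
type=AVC msg=audit(1700000004.500:458): avc:  denied  { mounton } for  pid=1300 comm="containerd-shim" path="/run/containerd" scontext=system_u:system_r:container_runtime_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir permissive=1'

# runtime_denials (hypothetical helper): read log lines on stdin and print one
# summary line per denial whose comm= is runc, containerd(-shim) or dockerd.
runtime_denials() {
  awk '
    # Return the value of key=VALUE or key="VALUE" in the current record.
    function field(key) {
      if (match($0, key "=\"[^\"]*\""))
        return substr($0, RSTART + length(key) + 2, RLENGTH - length(key) - 3)
      if (match($0, key "=[^ ]+"))
        return substr($0, RSTART + length(key) + 1, RLENGTH - length(key) - 1)
      return "-"
    }
    /avc:[ ]+denied/ || /apparmor="DENIED"/ {
      comm = field("comm")
      if (comm !~ /^(runc|containerd|dockerd)/) next
      # For SELinux, permissive=1 means the access was logged but not blocked.
      if ($0 ~ /apparmor=/)
        printf "apparmor profile=%s op=%s comm=%s\n",
               field("profile"), field("operation"), comm
      else
        printf "selinux tclass=%s permissive=%s comm=%s\n",
               field("tclass"), field("permissive"), comm
    }'
}

# Run over the constructed sample. On a live host (assuming auditd is in use):
#   sudo ausearch -m avc -ts recent | runtime_denials
#   sudo journalctl -k --no-pager   | runtime_denials
printf '%s\n' "$SAMPLE_LOG" | runtime_denials
```

Records with `permissive=0` or an AppArmor `DENIED` entry for `runc` or `containerd-shim` point at the rule to adjust in policy.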
A corrupted or incompatible image can cause shim failures:
```bash
# Remove the existing image
docker rmi <image-name>
# Pull a fresh copy
docker pull <image-name>
# Try running the container again
docker run <image-name>
```
If using a custom image, verify it was built correctly and is compatible with your host system.
### Debugging with containerd directly
For deeper investigation, you can interact with containerd directly using ctr:
```bash
# List containerd namespaces
sudo ctr namespaces list
# List containers in the moby namespace (Docker's namespace)
sudo ctr -n moby containers list
# Check containerd events
sudo ctr events
```
### Proxmox LXC containers
When running Docker inside Proxmox LXC containers, you may encounter this error due to AppArmor restrictions. Add the following to your LXC config:
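```
lxc.apparmor.profile: unconfined
```
Note that unconfined removes AppArmor confinement from the whole LXC container. Alternatively, configure proper nesting support for Docker in the Proxmox UI.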
### Kubernetes-specific troubleshooting
For Kubernetes clusters using containerd:
```bash
# Check kubelet logs for more details
journalctl -u kubelet -f
# Describe the failing pod
kubectl describe pod <pod-name>
# Check containerd config
cat /etc/containerd/config.toml
```
### Common version-specific issues
- containerd 2.0.x: May have compatibility issues with older Docker versions
- containerd 1.7.24.1: Reported "can't get final child's PID from pipe: EOF" issues
- runc 1.1.x: Namespace path errors under high load with older containerd versions
Consider pinning versions if you encounter stability issues after updates.