Segmentation faults with docker and iptables

    • New

    Hi all, I've been having trouble the past couple of weeks where the docker service wont start after openmediavault boots up. For instance 90% of the time when I boot up openmediavault in the webui, under services docker remains red while most other services are green.

    If docker does manage to start then if a container dies it wont restart the container in either compose or portainer saying something about iptable errors.

    If I ssh into the machine to try and check the status of docker or find out whats going on I get these sort of errors:


    root@openmediavault:~# sudo systemctl restart docker

    Job for docker.service failed because the control process exited with error code.

    See "systemctl status docker.service" and "journalctl -xeu docker.service" for details.

    root@openmediavault:~# systemctl status docker.service

    ● docker.service - Docker Application Container Engine

    Loaded: loaded (/lib/systemd/system/docker.service; enabled; preset: enabled)

    Drop-In: /etc/systemd/system/docker.service.d

    └─override.conf, waitAllMounts.conf

    Active: activating (start) since Mon 2026-02-09 22:04:14 AEST; 6s ago

    TriggeredBy: docker.socket

    Docs: https://docs.docker.com

    Main PID: 10123 (dockerd)

    Tasks: 24

    Memory: 37.4M

    CPU: 778ms

    CGroup: /system.slice/docker.service

    ├─10123 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

    └─10161 /usr/sbin/iptables --wait -t nat -D OUTPUT -m addrtype --dst-type LOCAL "" "" --dst 127.0.0.0/8 -j DOCKER


    Feb 09 22:04:14 openmediavault dockerd[10123]: time="2026-02-09T22:04:14.756171450+10:00" level=info msg="CDI directory does not exist, skipping: failed to monitor for changes>

    Feb 09 22:04:14 openmediavault dockerd[10123]: time="2026-02-09T22:04:14.756373431+10:00" level=info msg="detected 127.0.0.53 nameserver, assuming systemd-resolved, so using r>

    Feb 09 22:04:14 openmediavault dockerd[10123]: time="2026-02-09T22:04:14.776267833+10:00" level=info msg="Creating a containerd client" address=/run/containerd/containerd.sock>

    Feb 09 22:04:14 openmediavault dockerd[10123]: time="2026-02-09T22:04:14.793553166+10:00" level=info msg="Loading containers: start."

    Feb 09 22:04:14 openmediavault dockerd[10123]: time="2026-02-09T22:04:14.805111896+10:00" level=info msg="NRI is disabled"

    Feb 09 22:04:14 openmediavault dockerd[10123]: time="2026-02-09T22:04:14.886205127+10:00" level=info msg="[graphdriver] using prior storage driver: overlay2"

    Feb 09 22:04:15 openmediavault dockerd[10123]: time="2026-02-09T22:04:15.227607635+10:00" level=info msg="Restoring containers: start."

    Feb 09 22:04:15 openmediavault dockerd[10123]: time="2026-02-09T22:04:15.498824395+10:00" level=info msg="Deleting nftables IPv4 rules" error="signal: segmentation fault (core>

    Feb 09 22:04:15 openmediavault dockerd[10123]: time="2026-02-09T22:04:15.645180300+10:00" level=info msg="Deleting nftables IPv6 rules" error="signal: segmentation fault (core>

    Feb 09 22:04:20 openmediavault systemd[1]: /etc/systemd/system/docker.service.d/override.conf:1: Assignment outside of section. Ignoring.

    lines 1-25/25 (END)


    root@openmediavault:~# sudo systemctl status docker

    × docker.service - Docker Application Container Engine

    Loaded: loaded (/lib/systemd/system/docker.service; enabled; preset: enabled)

    Drop-In: /etc/systemd/system/docker.service.d

    └─override.conf, waitAllMounts.conf

    Active: failed (Result: exit-code) since Mon 2026-02-09 21:53:16 AEST; 9min ago

    TriggeredBy: × docker.socket

    Docs: https://docs.docker.com

    Process: 3105 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (code=exited, status=1/FAILURE)

    Main PID: 3105 (code=exited, status=1/FAILURE)

    CPU: 1.051s


    Feb 09 21:58:55 openmediavault systemd[1]: /etc/systemd/system/docker.service.d/override.conf:1: Assignment outside of section. Ignoring.


    Part of my syslog highlighting lots of segfaults in iptables:

    2026-02-08T10:40:57+1000 openmediavault dockerd[4722]: time="2026-02-08T10:40:57.516139541+10:00" level=info msg="Creating a containerd client" address=/run/containerd/containerd.sock timeout=1m0s

    2026-02-08T10:40:57+1000 openmediavault systemd[1]: srv-dev\x2ddisk\x2dby\x2duuid\x2d560d3b62\x2d6e19\x2d4c52\x2db17b\x2d2a5f088c8243-Docker-docker-overlay2-check\x2doverlayfs\x2dsupport2171308125-merged.mount: Deactivated successfully.

    2026-02-08T10:40:57+1000 openmediavault dockerd[4722]: time="2026-02-08T10:40:57.575781535+10:00" level=info msg="[graphdriver] using prior storage driver: overlay2"

    2026-02-08T10:40:57+1000 openmediavault dockerd[4722]: time="2026-02-08T10:40:57.925792817+10:00" level=info msg="Loading containers: start."

    2026-02-08T10:40:58+1000 openmediavault kernel: show_signal_msg: 14 callbacks suppressed

    2026-02-08T10:40:58+1000 openmediavault kernel: iptables[4764]: segfault at a956 ip 000000000000a956 sp 00007fffb5edbfe8 error 14 likely on CPU 1 (core 2, socket 0)

    2026-02-08T10:41:01+1000 openmediavault dockerd[4722]: time="2026-02-08T10:41:01.245086532+10:00" level=info msg="stopping event stream following graceful shutdown" error="<nil>" module=libcontainerd namespace=moby

    2026-02-08T10:41:01+1000 openmediavault dockerd[4722]: time="2026-02-08T10:41:01.247115359+10:00" level=info msg="stopping event stream following graceful shutdown" error="context canceled" module=libcontainerd namespace=plugins.moby

    2026-02-08T10:41:01+1000 openmediavault dockerd[4722]: failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to register "bridge" driver: failed to create NAT chain DOCKER: iptables failed: iptables --wait -t nat -N DOCKER: (signal: segmentation fault (core dumped))

    2026-02-08T10:41:01+1000 openmediavault systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE

    2026-02-08T10:41:01+1000 openmediavault systemd[1]: docker.service: Failed with result 'exit-code'.

    2026-02-08T10:41:01+1000 openmediavault systemd[1]: Failed to start docker.service - Docker Application Container Engine.

    2026-02-08T10:41:01+1000 openmediavault sudo[4717]: pam_unix(sudo:session): session closed for user root

    2026-02-08T10:41:03+1000 openmediavault systemd[1]: docker.service: Scheduled restart job, restart counter is at 1.

    2026-02-08T10:41:03+1000 openmediavault systemd[1]: Stopped docker.service - Docker Application Container Engine.

    2026-02-08T10:41:03+1000 openmediavault systemd[1]: Starting docker.service - Docker Application Container Engine...

    2026-02-08T10:41:03+1000 openmediavault dockerd[4795]: time="2026-02-08T10:41:03.460925727+10:00" level=info msg="Starting up"

    2026-02-08T10:41:03+1000 openmediavault dockerd[4795]: time="2026-02-08T10:41:03.463271172+10:00" level=info msg="OTEL tracing is not configured, using no-op tracer provider"

    2026-02-08T10:41:03+1000 openmediavault dockerd[4795]: time="2026-02-08T10:41:03.463877601+10:00" level=info msg="CDI directory does not exist, skipping: failed to monitor for changes: no such file or directory" dir=/etc/cdi

    2026-02-08T10:41:03+1000 openmediavault dockerd[4795]: time="2026-02-08T10:41:03.464129417+10:00" level=info msg="CDI directory does not exist, skipping: failed to monitor for changes: no such file or directory" dir=/var/run/cdi

    2026-02-08T10:41:03+1000 openmediavault dockerd[4795]: time="2026-02-08T10:41:03.464368035+10:00" level=info msg="detected 127.0.0.53 nameserver, assuming systemd-resolved, so using resolv.conf: /run/systemd/resolve/resolv.conf"

    2026-02-08T10:41:03+1000 openmediavault dockerd[4795]: time="2026-02-08T10:41:03.484725142+10:00" level=info msg="Creating a containerd client" address=/run/containerd/containerd.sock timeout=1m0s

    2026-02-08T10:41:03+1000 openmediavault systemd[1]: srv-dev\x2ddisk\x2dby\x2duuid\x2d560d3b62\x2d6e19\x2d4c52\x2db17b\x2d2a5f088c8243-Docker-docker-overlay2-check\x2doverlayfs\x2dsupport1653676043-merged.mount: Deactivated successfully.

    2026-02-08T10:41:03+1000 openmediavault dockerd[4795]: time="2026-02-08T10:41:03.583323067+10:00" level=info msg="[graphdriver] using prior storage driver: overlay2"

    2026-02-08T10:41:03+1000 openmediavault dockerd[4795]: time="2026-02-08T10:41:03.936196518+10:00" level=info msg="Loading containers: start."

    2026-02-08T10:41:04+1000 openmediavault kernel: show_signal_msg: 14 callbacks suppressed

    2026-02-08T10:41:04+1000 openmediavault kernel: iptables[4829]: segfault at a956 ip 000000000000a956 sp 00007ffc240459a8 error 14 likely on CPU 1 (core 2, socket 0)

    2026-02-08T10:41:04+1000 openmediavault kernel: Code: Unable to access opcode bytes at 0xa92c.

    2026-02-08T10:41:04+1000 openmediavault kernel: iptables[4830]: segfault at a956 ip 000000000000a956 sp 00007fff70b1f2d8 error 14 likely on CPU 1 (core 2, socket 0)

    2026-02-08T10:41:04+1000 openmediavault kernel: Code: Unable to access opcode bytes at 0xa92c.

    2026-02-08T10:41:04+1000 openmediavault kernel: iptables[4831]: segfault at a956 ip 000000000000a956 sp 00007ffe24b63888 error 14 likely on CPU 1 (core 2, socket 0)

    2026-02-08T10:41:04+1000 openmediavault kernel: Code: Unable to access opcode bytes at 0xa92c.

    2026-02-08T10:41:04+1000 openmediavault kernel: iptables[4832]: segfault at a956 ip 000000000000a956 sp 00007ffee3574bb8 error 14 likely on CPU 1 (core 2, socket 0)

    2026-02-08T10:41:04+1000 openmediavault kernel: Code: Unable to access opcode bytes at 0xa92c.

    2026-02-08T10:41:04+1000 openmediavault kernel: iptables[4833]: segfault at a956 ip 000000000000a956 sp 00007ffd4c4923f8 error 14 likely on CPU 0 (core 0, socket 0)

    2026-02-08T10:41:04+1000 openmediavault kernel: Code: Unable to access opcode bytes at 0xa92c.

  • votdev

    Approved the thread.

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!

Register Yourself Login