• Fails to create a new pod
• "kubectl describe pod" shows below error message:
  code = Unknown desc = failed to create containerd task. Failed to create shim task: OCI runtime create failed. runc create failed: Unable to start container process: unable to init seccomp: error loading seccomp filter into kernel err loading seccomp filter errno 524: unknown
  
  

vSphere with Tanzu

Worker nodes using Ubuntu OS with Linux Kernel Versions ( < 5.15.105)

• When the usage of memory allocated for BPF JIT Compiler in the Linux Kernel goes beyond its limit, it causes failures in creation of new container processes. 
• Old Linux Kernels have a known resource leakage in relation with net.core.bpf_jit_limit - https://github.com/moby/moby/issues/45498
• The default value configured for BPF JIT Compiler (net.core.bpf_jit_limit) with Ubuntu OS may not be enough for few situations like extreme application workloads or too many zombie processes from ill functioning apps. 

• As a temporary workaround value of net.core.bpf_jit_limit can be increased manually on each worker node.
• As a permanent approach, upgrade the TKr to v1.29.4 or higher. According to the community update https://github.com/moby/moby/issues/45498#issuecomment-1542155705,  Linux Kernels (>=  v5.15.105 ) are supposed to fix the resource leakage issue and since TKr 1.29.4 the higher versions (>= v5.15.107) of the Kernel are used.