A bug in the x86 BPF JIT compiler. A bpf_tail_call with a key larger than the max_entries of the map can cause an out-of-bound access when the x86 JIT compiler tries to index bpf_array->ptr using the invalid key.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2121801]
This was fixed for Fedora with the 5.19.6 stable kernel updates.