It is possible for a user to generate a calendar export URL for their user events (or all events) and re-import it as a calendar subscription. When the scheduled task \core\task\calendar_cron_task runs, this scenario repeatedly doubles the number of events in the user's calendar.

Real-life example:

• a user's course calendar contained 7 future events at weekly intervals
• they generated the export URL for their calendar with options All events & Custom range (defaulted to 5 days past, 365 days future)
• they added this URL as a calendar subscription into their own Moodle calendar, updating hourly
• within 15 hours they had generated over 220 000 user events from the original 7
• the issue was discovered after a few days, when we noticed that the scheduled task \core\task\calendar_cron_task was running for 6-8 hours at a time, before silently failing (no success/fail message)
• as a result of that task failure, other users' calendar subscriptions were failing to import updates

Clearly this is a misuse of the Moodle calendar by one specific user. However there is a fairly strong argument for designing against certain user behaviours, especially when a single mistake or misunderstanding can cause this level of havoc.