Key Information Vulnerability Type: Scheduler bug ( ) Issue Description: is set to , causing a crash. Root Cause: In , when processing a delayed group entity, if the parent entity's queue is also delayed, is set to . This leads to overflow and incorrect results in subsequent calculations. Specific Steps: 1. When is false, is set to . 2. If the entity is delayed, returns . 3. The first loop dequeues the entity. 4. If the entity is the only child of its parent, the next iteration attempts to dequeue the parent. 5. If the parent's queue needs to be delayed, the loop exits without updating . 6. The second loop sets the parent's to the saved , i.e., . Consequences: - In , is used to compute , resulting in a huge negative number. - is used in . Since is negative, exceeds , causing to be set to a huge negative number. - In , is scaled, leading to overflow and producing huge positive or negative values. - The adjusted is subtracted from , significantly increasing or decreasing . - calls and . Since is far from other values in the queue, it returns , causing load calculation overflow. - No entities are eligible, so returns . - attempts to dereference the return value of and crashes. Fix Commit: Author: Omar Sandoval () Committer: Greg Kroah-Hartman () Date: 2025-04-25 01:51:24 -0700 (author), 2025-05-18 08:24:58 +0200 (committer)