PaX contains a mitigation for reference count overflows that is intended to prevent atomic_t variables from reaching 0x80000000 and, more importantly, wrapping around to zero. A documented special case on x86 is that, because “atomically increment unless current value is X” cannot be implemented without a cmpxchg loop, the code instead increments the counter, checks for an overflow and, if an overflow happened, immediately decrements the counter back.