Created attachment 347692 [details] emerge --info This is a regression from kernel 3.8.3. It's either a new problem, or one that was rare enough that I never saw it in a few days of using 3.8.3, while it shows up every hour in 3.8.6. Compiler is sys-devel/gcc-4.7.2-r1. I'm feeling a bit lazy, so I'd rather not transcribe the whole panic message unless it's likely to be valuable, but the call immediately before report_size_overflow is "__carl9170_rx", not to be confused with "carl9170_rx", which is defined in the same file. This function is in: drivers/net/wireless/ath/carl9170/rx.c It is very short, and there's not much space for a problem to show up, but the "len" variable is implicitly cast from unsigned to signed in one call. However, returning in the case "len > INT_MAX" didn't seem to help. I'm inclined to wonder if this is a false positive, but I don't really have much experience with the kernel, so my temporary solution has just been to disable CONFIG_PAX_SIZE_OVERFLOW (as with most hardened features on this box, it's enabled more for testing than out of a true need for security).
I think I accidentally sent this to Java instead of hardened. Fixing.
Re-assigned.
Can you check with hardened-sources-3.8.12. I think this is fixed.
Yes, I can tentatively say that this is fixed with 3.8.12. Thanks for the suggestion, Anthony.
nothing changed on our side, so i'd like to see the overflow logs if possible.
No further complains.