Dear Maintainer, tried to find out the actual location that the backtrace points to.
Unfortunately I could not make any clue out of the line containing /usr/sbin/apache2(+0x29e450). But at least, I think, the line containing mod_mpm_prefork.so(+0x4c08) translates to function prefork_run in server/mpm/prefork/prefork.c. As this is a rather big function, and looks like it is never left while the server runs, and there are no local arrays accessed, the stack canary may be overwritten by some function called from there. But the stack canary is just checked when prefork_run exits. Kind regards, Bernhard
*** stack smashing detected ***: /usr/sbin/apache2 terminated ======= Backtrace: ========= /lib/x86_64-linux-gnu/libc.so.6(+0x731af)[0x7f6d8e1c11af] | 0x7f6d8e1c11af | /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f6d8e246aa7] | 0x7f6d8e246aa7 | /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x0)[0x7f6d8e246a70] | 0x7f6d8e246a70 | /usr/lib/apache2/modules/mod_mpm_prefork.so(+0x4c08)[0x7f6d8b462c08] | 0x7f6d8b462c08 | 0x00007f6193a75c08: 0x00007f6193a75c03 <prefork_run+3747>: callq 0x7f6193a73400 <__stack_chk_fail@plt> /usr/sbin/apache2(+0x29e450)[0x7f6d8f2a3450] | 0x7f6d8f2a3450 | ======= Memory map: ======== 7f6d8f005000-7f6d8f09d000 r-xp 00000000 fe:00 3882 /usr/sbin/apache2 7f6d8b45e000-7f6d8b465000 r-xp 00000000 fe:00 127839 /usr/lib/apache2/modules/mod_mpm_prefork.so apt install dpkg-dev devscripts mc gdb binutils apache2-bin apache2-dbg # http://snapshot.debian.org/package/apache2/2.4.10-10%2Bdeb8u7/ wget http://snapshot.debian.org/archive/debian/20160916T101556Z/pool/main/a/apache2/apache2-bin_2.4.10-10%2Bdeb8u7_amd64.deb wget http://snapshot.debian.org/archive/debian/20160916T101556Z/pool/main/a/apache2/apache2-dbg_2.4.10-10%2Bdeb8u7_amd64.deb dpkg -i --force-depends apache2-bin_2.4.10-10+deb8u7_amd64.deb apache2-dbg_2.4.10-10+deb8u7_amd64.deb mkdir apache2/orig -p cd apache2/orig dget http://snapshot.debian.org/archive/debian/20160916T101556Z/pool/main/a/apache2/apache2_2.4.10-10%2Bdeb8u7.dsc dpkg-source -x apache2_2.4.10-10%2Bdeb8u7.dsc cd ../.. a2dismod mpm_event a2enmod mpm_prefork systemctl stop apache2 systemctl start apache2 root@debian:~# gdb -q --pid 16415 ... (gdb) set width 0 (gdb) set pagination off (gdb) directory /home/benutzer/apache2/orig/apache2-2.4.10/server Source directories searched: /home/benutzer/apache2/orig/apache2-2.4.10/server:$cdir:$cwd (gdb) b main Breakpoint 1 at 0x556c539ec940: file main.c, line 439. (gdb) disassemble prefork_run,prefork_run+3830 Dump of assembler code from 0x7f6193a74d60 to 0x7f6193a75c56: 0x00007f6193a74d60 <prefork_run+0>: push %r15 ... 0x00007f6193a74d81 <prefork_run+33>: mov %fs:0x28,%rax ; Value loaded into $rax 0x00007f6193a74d8a <prefork_run+42>: mov %rax,0xe8(%rsp) ; Value stored in canary ... 0x00007f6193a75288 <prefork_run+1320>: mov 0xe8(%rsp),%rbx ; Canary loaded into $rbx 0x00007f6193a75290 <prefork_run+1328>: xor %fs:0x28,%rbx ; Canary compared to the original value 0x00007f6193a75299 <prefork_run+1337>: mov %r13d,%eax 0x00007f6193a7529c <prefork_run+1340>: jne 0x7f6193a75c03 <prefork_run+3747> ... 0x00007f6193a75c03 <prefork_run+3747>: callq 0x7f6193a73400 <__stack_chk_fail@plt> 0x00007f6193a75c08 <prefork_run+3752>: callq 0x7f6193a73300 <__errno_location@plt> ... 0x00007f6193a75c4b <prefork_run+3819>: jmpq 0x7f6193a75b9c <prefork_run+3644> 0x00007f6193a75c50 <set_server_limit+0>: push %rbp End of assembler dump. set width 0 set pagination off directory /home/benutzer/apache2/orig/apache2-2.4.10/server b main run