Description of problem:

Snippet from /var/log/messages:
Mar 30 15:37:25 fir kernel: [ 5252.123918] abrt-action-bug[2400]: segfault at 48 ip 0000003227a3e1f3 sp 00007fffd0707f68 error 4 in libglib-2.0.so.0.2800.4[3227a00000+115000]
Mar 30 15:37:25 fir abrt[2403]: saved core dump of pid 2400 (/usr/bin/abrt-action-bugzilla) to /var/spool/abrt/abrt-action-bugzilla-coredump (12550144 bytes)

Snippet from gdb:
[joeblow@fir abrt]$ gdb abrt-action-bugzilla abrt-action-bugzilla-coredump
...
Core was generated by `abrt-action-bugzilla -c /etc/abrt/plugins/Bugzilla.conf'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000003227a3e1f3 in g_list_last (list=0x40) at glist.c:857
857	  while (list->next)
...
(gdb) bt
#0  0x0000003227a3e1f3 in g_list_last (list=0x40) at glist.c:857
#1  0x0000003227a3e28e in g_list_append (list=0x40, data=0x1df9460) at glist.c:268
#2  0x00000000004034e9 in get_bug_cc (bz=0x7fffd0708180, result_xml=0x1e9d380, this=0x7fffd07081e0) at abrt-action-bugzilla.cpp:291
#3  (anonymous namespace)::ctx::get_bug_info (this=0x7fffd07081e0, bz=0x7fffd0708180, bug_id=<optimized out>) at abrt-action-bugzilla.cpp:591
#4  0x0000000000401ed1 in report_to_bugzilla (settings=0x1d8c000, dump_dir_name=0x403e7f ".") at abrt-action-bugzilla.cpp:715
#5  main (argc=<optimized out>, argv=<optimized out>) at abrt-action-bugzilla.cpp:961

Version-Release number of selected component (if applicable):
Core file is from abrt-2.0.0-2.fc15.x86_64.
Symbols are for abrt-2.0.0-3.fc15.x86_64.

How reproducible:
Once.

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
Bug 692286 - Reporting finished with exit code 139

Not sure if this matters, but bug_cc = 0x40.

(gdb) bt
#0  0x0000003227a3e1f3 in g_list_last (list=0x40) at glist.c:857
#1  0x0000003227a3e28e in g_list_append (list=0x40, data=0x1df9460) at glist.c:268
#2  0x00000000004034e9 in get_bug_cc (bz=0x7fffd0708180, result_xml=0x1e9d380, this=0x7fffd07081e0) at abrt-action-bugzilla.cpp:291
#3  (anonymous namespace)::ctx::get_bug_info (this=0x7fffd07081e0, bz=0x7fffd0708180, bug_id=<optimized out>) at abrt-action-bugzilla.cpp:591
#4  0x0000000000401ed1 in report_to_bugzilla (settings=0x1d8c000, dump_dir_name=0x403e7f ".") at abrt-action-bugzilla.cpp:715
#5  main (argc=<optimized out>, argv=<optimized out>) at abrt-action-bugzilla.cpp:961
(gdb) frame 2
#2  0x00000000004034e9 in get_bug_cc (bz=0x7fffd0708180, result_xml=0x1e9d380, this=0x7fffd07081e0) at abrt-action-bugzilla.cpp:291
291	        bz->bug_cc = g_list_append(bz->bug_cc, (char*)cc);
(gdb) print *bz
$1 = {bug_status = 0x1df9560 "NEW", bug_resolution = 0x0, bug_reporter = 0x1df94e0 "me", bug_product = 0x1dfd1f0 "Fedora", bug_dup_id = -1, bug_cc = 0x40}
(gdb) frame 3
#3  (anonymous namespace)::ctx::get_bug_info (this=0x7fffd07081e0, bz=0x7fffd0708180, bug_id=<optimized out>) at abrt-action-bugzilla.cpp:591
591	    get_bug_cc(result, bz);
(gdb) print *bz
$2 = {bug_status = 0x1df9560 "NEW", bug_resolution = 0x0, bug_reporter = 0x1df94e0 "me", bug_product = 0x1dfd1f0 "Fedora", bug_dup_id = -1, bug_cc = 0x40}

Created attachment 489231 [details]
screenshot showing error message when abrt-action-bugzilla segfaults

FWIW, I am reproducing this segfault with abrt-plugin-bugzilla-2.0.0-3.fc15.x86_64.

Thanks for the really good details. I can give you one simple one-liner patch which sets cc_bug to NULL (must be set!), but the bug you are reporting is like a nightmare. I can't reproduce it and of course f15 doesn't boot.

(In reply to comment #0)
> [joeblow@fir abrt]$ gdb abrt-action-bugzilla abrt-action-bugzilla-coredump
> ...
> Core was generated by `abrt-action-bugzilla -c
> /etc/abrt/plugins/Bugzilla.conf'.
> Program terminated with signal 11, Segmentation fault.
> #0 0x0000003227a3e1f3 in g_list_last (list=0x40) at glist.c:857
> 857 while (list->next)
> ...

Looks to me like a bug in glibc. I did call that.

> (gdb) bt
> #0 0x0000003227a3e1f3 in g_list_last (list=0x40) at glist.c:857
> #1 0x0000003227a3e28e in g_list_append (list=0x40, data=0x1df9460) at
> glist.c:268

I think it's reproducible every time, did you see 0x40 always? This could be a problem that the list is not set to NULL and 0x40 is garbage from memory, because it's not initialized to NULL, if not a bug in glibc.

*** Bug 692286 has been marked as a duplicate of this bug. ***
(In reply to comment #3)
> ... of course f15 doesn't boot.

Setting selinux to "permissive" might help:

/etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
#SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

(In reply to comment #3)
...
> I think it's reproducible every time, did you see 0x40 always? This could be
> problem that list is not set to NULL and 0x40 is garbage from memory, because
> it's not initialized to NULL if not bug in glibc

Yes, bug_cc always seems to be 0x40. Frame 4 (below) shows that bz.bug_cc is 0x40 in report_to_bugzilla().

I reproduced the segfault by attempting to resubmit a bug I had already submitted, so that the bug would be detected as a duplicate.

(gdb) bt
#0  0x0000003227a3e1f3 in g_list_last (list=0x40) at glist.c:857
#1  0x0000003227a3e28e in g_list_append (list=0x40, data=0x146e610) at glist.c:268
#2  0x00000000004034e9 in get_bug_cc (bz=0x7fff30add7e0, result_xml=0x13b14e0, this=0x7fff30add840) at abrt-action-bugzilla.cpp:291
#3  (anonymous namespace)::ctx::get_bug_info (this=0x7fff30add840, bz=0x7fff30add7e0, bug_id=<optimized out>) at abrt-action-bugzilla.cpp:591
#4  0x0000000000401ed1 in report_to_bugzilla (settings=0x1365000, dump_dir_name=0x403e7f ".") at abrt-action-bugzilla.cpp:715
#5  main (argc=<optimized out>, argv=<optimized out>) at abrt-action-bugzilla.cpp:961
(gdb) frame 4
#4  0x0000000000401ed1 in report_to_bugzilla (settings=0x1365000, dump_dir_name=0x403e7f ".") at abrt-action-bugzilla.cpp:715
715	            if (bz_server.get_bug_info(&bz, bug_id) == -1)
(gdb) print bz
$1 = {bug_status = 0x146e710 "NEW", bug_resolution = 0x0, bug_reporter = 0x146e690 "stephent98", bug_product = 0x145ccc0 "Fedora", bug_dup_id = -1, bug_cc = 0x40}

(In reply to comment #5)
> (In reply to comment #3)
> > ... of course f15 doesn't boot.
>
> Setting selinux to "permissive" might help:
> /etc/selinux/config
>
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> # enforcing - SELinux security policy is enforced.
> # permissive - SELinux prints warnings instead of enforcing.
> # disabled - No SELinux policy is loaded.
> SELINUX=permissive
> #SELINUX=enforcing
> # SELINUXTYPE= can take one of these two values:
> # targeted - Targeted processes are protected,
> # mls - Multi Level Security protection.
> SELINUXTYPE=targeted

Thank god that guestfish exists; I'm going to test a simple patch. It would be extraordinarily good if I had your crash dump. If you don't have to attach it here, just send me the crash dump via mail.

Could you try this build? http://koji.fedoraproject.org/koji/taskinfo?taskID=2971231
(In reply to comment #9)
> Could you try this build?
> http://koji.fedoraproject.org/koji/taskinfo?taskID=2971231

Sorry for the delay in replying.[1]

The scratch build appears to have eliminated the crash when submitting a duplicate bug. I verified the crash occurred with abrt-2.0.0-3.fc15.x86_64, updated to abrt-2.0.0.32.gf8a7-1.fc15.x86_64, rebooted, and abrt reported the duplicate without crashing.

[1] abrt has so many packages, I thought it would be good to use koji to download them. Instead, there is:
Bug 675140 - koji should be able to download a scratch build

Created attachment 489836 [details]
screenshot showing successful completion of duplicate detection

http://koji.fedoraproject.org/koji/taskinfo?taskID=2971231

abrt-2.0.0.32.gf8a7-1.fc15.x86_64
abrt-addon-ccpp-2.0.0.32.gf8a7-1.fc15.x86_64
abrt-addon-kerneloops-2.0.0.32.gf8a7-1.fc15.x86_64
abrt-addon-python-2.0.0.32.gf8a7-1.fc15.x86_64
abrt-debuginfo-2.0.0.32.gf8a7-1.fc15.x86_64
abrt-desktop-2.0.0.32.gf8a7-1.fc15.x86_64
abrt-gui-2.0.0.32.gf8a7-1.fc15.x86_64
abrt-libs-2.0.0.32.gf8a7-1.fc15.x86_64
abrt-plugin-bugzilla-2.0.0.32.gf8a7-1.fc15.x86_64
abrt-plugin-logger-2.0.0.32.gf8a7-1.fc15.x86_64

> [1] abrt has so many packages, I thought it would be good to use koji to download
> them. Instead, there is:
> Bug 675140 - koji should be able to download a scratch build

Agree! Pretty annoying.

commit 9e97b993b215f06c0aa3afb0e54cc51344922317
Author: Nikola Pajkovsky <npajkovs>
Date:   Fri Apr 1 10:54:05 2011 +0200

    GList was not set to NULL, possibly sigsegv on f15

    Signed-off-by: Nikola Pajkovsky <npajkovs>

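The failure mode discussed in this thread, as an added example that is not part of the bug report and is not abrt's or glib's code: a list head left uninitialised in a stack struct is non-NULL garbage, so an append that walks `list->next` dereferences it. The `node` list, the function names, the 0x40 fill pattern and the cc addresses are constructed stand-ins; only the struct field names come from the gdb output above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for GList; names here are illustrative, not glib's or abrt's. */
struct node { const char *data; struct node *next; };

/* Field names follow the gdb "print *bz" output in the report. */
struct bug_info {
    const char *bug_status, *bug_resolution, *bug_reporter, *bug_product;
    int bug_dup_id;
    struct node *bug_cc;
};

/* Like g_list_append(): any non-NULL head is trusted and walked. */
static struct node *list_append(struct node *list, const char *data) {
    struct node *n = calloc(1, sizeof *n), *last = list;
    if (!n) return list;
    n->data = data;
    if (!list) return n;              /* empty list: new node becomes head */
    while (last->next)                /* a garbage head faults right here */
        last = last->next;
    last->next = n;
    return list;
}

/* Before: model a stack struct that was never initialised (constructed bytes). */
static int stale_head_is_non_null(void) {
    struct bug_info bz;
    memset(&bz, 0x40, sizeof bz);     /* stands in for leftover stack data */
    return bz.bug_cc != NULL;         /* append would dereference this */
}

/* After: give the struct defined contents, then append safely. */
static size_t cc_count_after_init(void) {
    struct bug_info bz;
    size_t count = 0;
    memset(&bz, 0, sizeof bz);
    bz.bug_cc = NULL;                 /* the one-line fix: start as empty list */
    bz.bug_cc = list_append(bz.bug_cc, "cc-one@example.com");
    bz.bug_cc = list_append(bz.bug_cc, "cc-two@example.com");
    for (struct node *p = bz.bug_cc, *nx; p; p = nx) { nx = p->next; free(p); count++; }
    return count;
}

int main(void) {
    printf("stale head non-NULL: %d, cc entries after init: %zu\n", stale_head_is_non_null(), cc_count_after_init());
    return 0;
}
```
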
(In reply to comment #10)
>
> [1] abrt has so many packages, I thought it would be good to use koji to download
> them. Instead, there is:
> Bug 675140 - koji should be able to download a scratch build

- I wrote a scratch downloader, you can download it here:
http://jmoskovc.fedorapeople.org/scratchdown.zip

the usage is:
./koji_downloader -u <user who owns the build> -t <task_id>

so in this case:
./koji_downloader -u npajkovs -t 2971231

Thanks, Nikola.
https://fedorahosted.org/abrt/changeset/9e97b993b215f06c0aa3afb0e54cc51344922317

Jiri, thanks for the scratch downloader. I've made note of it in Bug 675140, Comment 2.

*** Bug 694081 has been marked as a duplicate of this bug. ***
*** Bug 694791 has been marked as a duplicate of this bug. ***
abrt-2.0.1-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/abrt-2.0.1-1.fc15
Package abrt-2.0.1-1.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing abrt-2.0.1-1.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/abrt-2.0.1-1.fc15
then log in and leave karma (feedback).

abrt-2.0.1-2.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/abrt-2.0.1-2.fc15
abrt-2.0.1-2.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.