Thanks for reporting this. Please provide information to reproduce - distribution, installed gnome-screensaver version, if you use gnome-shell or fallback mode, etc.

Crashy crashy. I think I managed to crash the X server doing that.

Created attachment 283934 [details] [review]
session: Make sure to clear the worker proxy as well

If we leak this, then we open ourselves up for trouble when we have
active outgoing requests on a freed conversation, leading to crashes and
other fun things.

Review of attachment 283934 [details] [review]:

Nice find.  I think there may be more going on though...

::: daemon/gdm-session.c
@@ +1669,3 @@
         g_free (conversation->starting_username);
         g_free (conversation->session_id);
+        g_clear_object (&conversation->worker_proxy);

So the first question i had when I saw this is, is there any other things we're forgetting to free? This lead me to find a few of other issues:

1) stop_conversation_now is also freeing the worker_manager_interface, but  stop_conversation isn't. Both stop_conversation and stop_conversation_now also free the worker connection.

2) We only stash away the worker connection to close and free it later.  We could just as easily retrieve it from the worker proxy rather than keep a reference of our own.

3) We set up a on_worker_connection_closed signal handler to drop the worker connection reference owned by the pending_worker_connections list, but we don't disconnect the handler when giving up the reference.

Created attachment 283964 [details] [review]
session: get rid of the worker_connection state variable in conversation object

The conversation object maintains a pointer to the worker connection and
to the worker proxy.  The proxy already keeps a reference on the worker
connection, so there's no need to keep an explicit reference on the
connection directly.

This commit drops this extra reference.

Created attachment 283965 [details] [review]
session: make sure worker manager interface is freed up

Right now we unref the worker manager interface in one function:

stop_conversation_now

We neglect to unref it in stop_conversation and, of course, it's
owned by the conversation object so it should get freed when the
conversation is freed.

This commit changes the stop functions to deactivate the interface
in stop, changes the free function to drop the reference to the interface.

Created attachment 283966 [details] [review]
session: factor out duplicated code

The top half of stop_conversation and stop_conversation_now is
and should remain identical.  This commit refactors that part of
each function into its own function.

Created attachment 283967 [details] [review]
session: disconnect dbus connection "closed" handler when no longer needed

We temporarily maintain a reference to a dbus connection to the worker
process in a linked list, while we wait for the worker to register.  If
we need to close the connection before the worker registers, then we
drop the held reference by way of a "closed" signal handler on the
connection object.

Once the worker registers, we remove the connection from the linked
list, and transfer ownership of the connection to a state variable in
the now running conversation object.  When performing the reference
transfer, we neglect to the disconnect the "closed" handler.

This commit makes sure the handler gets disconnected appropriately, so
it doesn't get called inappropriately.

Jasper says he looked through the patches and tested them, so pushing...

Attachment 283934 [details] pushed as 2d414a9 - session: Make sure to clear the worker proxy as well
Attachment 283964 [details] pushed as b5ba458 - session: get rid of the worker_connection state variable in conversation object
Attachment 283965 [details] pushed as b0791a8 - session: make sure worker manager interface is freed up
Attachment 283966 [details] pushed as 4e22334 - session: factor out duplicated code
Attachment 283967 [details] pushed as 6532d14 - session: disconnect dbus connection "closed" handler when no longer needed