What is happening here is that a new client is opening an ICE connection in the GSM_MANAGER_PHASE_END_SESSION phase, which causes a new GsmXSMPClient to be added to the client store. The GSM_MANAGER_PHASE_EXIT phase then begins before the client has had a chance to establish a xsmp connection, which means that the smsConn for the client will not be initialized at the point that xsmp_stop is called on the new unregistered client.
This is easily reproducible by running something that uses xsmp (such as Metacity) in GDB, and breaking on IceProtocolSetup. Once this call has been reached (and the client interrupted at this point), logging out of your session will make gnome-session crash with 100% repeatability.
What is happening here is that a new client is opening an ICE connection in the GSM_MANAGER_ PHASE_END_ SESSION phase, which causes a new GsmXSMPClient to be added to the client store. The GSM_MANAGER_ PHASE_EXIT phase then begins before the client has had a chance to establish a xsmp connection, which means that the smsConn for the client will not be initialized at the point that xsmp_stop is called on the new unregistered client.
This is easily reproducible by running something that uses xsmp (such as Metacity) in GDB, and breaking on IceProtocolSetup. Once this call has been reached (and the client interrupted at this point), logging out of your session will make gnome-session crash with 100% repeatability.