The bug seems to stem from the fact that bluetooth_killswitch_init in lib/bluetooth-killswitch.c sets up an IO watch, but bluetooth_killswitch_finalize doesn't clean it up. As such, when the event actually does come, event_cb goes and uses a freed object handle and promptly explodes.
Attached is a patch that solves this problem, but I think there's another, more fundamental bug here; if the bluetooth dongle isn't plugged in at startup, it seems to deinitialize killswitch handling permanently. For example, if I start it up with the dongle in, then unplug the dongle:
** Message: adding killswitch idx 22 state 1
** Message: Reading of RFKILL events failed
** Message: killswitch 22 is 1
** Message: killswitches state 1
** Message: killswitch 22 is 1
** Message: killswitches state 1
** Message: RFKILL event: idx 22 type 2 op 1 soft 0 hard 0
** Message: removing killswitch idx 22
** Message: killswitches state 1
But if I start with it out, then plug it in and remove it:
** Message: Reading of RFKILL events failed
** Message: killswitches state 1
Perhaps the killswitch-unreffing in main.c:990 should be removed as well? I'm not familiar enough with the code to know if this is the right approach, though.
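Added example, not code from gnome-bluetooth or from the reporter's patch: a stand-alone C sketch of the init/finalize mismatch described above. GLib's main loop is replaced by a tiny watch table (add_watch/remove_watch standing in for g_io_add_watch/g_source_remove, which is an assumption about what the real code calls), so it builds without GLib. The buggy pair drops the watch id and frees the object with the watch still registered; the fixed pair keeps the id and removes the watch before freeing. watches_referencing() counts registered watches that still carry the freed object's address, i.e. the dangling user_data that event_cb would be handed on the next rfkill event.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Stand-in for GLib IO watches: each slot holds a callback plus an opaque
 * user_data pointer and stays registered until explicitly removed. */
#define MAX_WATCHES 8
typedef int (*watch_cb)(int fd, void *user_data);

struct watch { unsigned id; int fd; watch_cb cb; void *user_data; }; /* id 0 = unused */
static struct watch watches[MAX_WATCHES];
static unsigned next_id = 1;

/* Register a watch; returns its id (like g_io_add_watch returning a guint). */
static unsigned add_watch(int fd, watch_cb cb, void *user_data) {
    for (int i = 0; i < MAX_WATCHES; i++) {
        if (watches[i].id == 0) {
            watches[i].id = next_id++;
            watches[i].fd = fd;
            watches[i].cb = cb;
            watches[i].user_data = user_data;
            return watches[i].id;
        }
    }
    return 0;
}

/* Unregister by id (like g_source_remove); returns 1 if a watch was removed. */
static int remove_watch(unsigned id) {
    for (int i = 0; i < MAX_WATCHES; i++) {
        if (id != 0 && watches[i].id == id) {
            memset(&watches[i], 0, sizeof watches[i]);
            return 1;
        }
    }
    return 0;
}

/* Count live watches whose user_data equals the given address. Called with the
 * address of an object that has already been freed, any non-zero result is a
 * dangling pointer the loop will pass to the callback on the next event. */
static int watches_referencing(uintptr_t addr) {
    int n = 0;
    for (int i = 0; i < MAX_WATCHES; i++)
        if (watches[i].id != 0 && (uintptr_t)watches[i].user_data == addr)
            n++;
    return n;
}

/* Hypothetical killswitch object; the real one is GObject-based. */
struct killswitch { int fd; unsigned watch_id; };

static int event_cb(int fd, void *user_data) {
    struct killswitch *ks = user_data;   /* use-after-free if ks was finalized */
    (void)fd;
    return ks->fd;
}

/* Buggy pattern: watch id discarded, object freed with the watch still live. */
static struct killswitch *killswitch_init_buggy(int fd) {
    struct killswitch *ks = calloc(1, sizeof *ks);
    ks->fd = fd;
    add_watch(fd, event_cb, ks);         /* return value ignored */
    return ks;
}
static void killswitch_finalize_buggy(struct killswitch *ks) { free(ks); }

/* Fixed pattern: keep the id, remove the watch before freeing. */
static struct killswitch *killswitch_init_fixed(int fd) {
    struct killswitch *ks = calloc(1, sizeof *ks);
    ks->fd = fd;
    ks->watch_id = add_watch(fd, event_cb, ks);
    return ks;
}
static void killswitch_finalize_fixed(struct killswitch *ks) {
    if (ks->watch_id && remove_watch(ks->watch_id))
        ks->watch_id = 0;
    free(ks);
}

/* Run init+finalize and return how many watches still reference the freed
 * object: 1 on the buggy path, 0 on the fixed one. The table is cleaned
 * afterwards so the function can be called repeatedly. */
static int dangling_after_finalize(int fixed) {
    struct killswitch *ks = fixed ? killswitch_init_fixed(3) : killswitch_init_buggy(3);
    uintptr_t addr = (uintptr_t)ks;      /* remember the address, not the object */
    if (fixed) killswitch_finalize_fixed(ks); else killswitch_finalize_buggy(ks);
    int n = watches_referencing(addr);
    for (int i = 0; i < MAX_WATCHES; i++)
        if ((uintptr_t)watches[i].user_data == addr)
            memset(&watches[i], 0, sizeof watches[i]);
    return n;
}

int main(void) {
    printf("buggy finalize: %d dangling watch(es)\n", dangling_after_finalize(0));
    printf("fixed finalize: %d dangling watch(es)\n", dangling_after_finalize(1));
    return 0;
}
```

The check in watches_referencing is the thing to look for when reviewing any init/finalize pair that registers a source: every id returned by the add call must be stored on the object and removed in finalize before the object's memory goes away, otherwise the main loop keeps a pointer the object no longer owns.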