[nrf fromtree] bluetooth: host: l2cap: Check conn state before queueing PDU

In case of UATT, if a connection was lost while user was holding a read
or write attribute callback, `bt_l2cap_send_pdu` (called from
`att.c::chan_send`) will anyway queue a PDU and trigger tx work. The PDU
won't be sent eventually, but neither will hold an error code, which
will allow it to bypass the error check in `att_on_sent_cb` and call
`att_sent` function.

For EATT `bt_l2cap_chan_send` is used which already handles this case
and the error code is passed to `att_on_sent_cb`.

This change adds connection state check to `bt_l2cap_send_pdu`
preventing from unnecessary code execution when connection does not
exist anymore.

Signed-off-by: Pavel Vasilyev <[email protected]>
(cherry picked from commit 74972e6)

Author: PavelVPV

subsys/bluetooth/host/l2cap.c

@@ -717,6 +717,10 @@ static void cancel_data_ready(struct bt_l2cap_le_chan *le_chan)
 int bt_l2cap_send_pdu(struct bt_l2cap_le_chan *le_chan, struct net_buf *pdu,
 		      bt_conn_tx_cb_t cb, void *user_data)
 {
+	if (!le_chan->chan.conn || le_chan->chan.conn->state != BT_CONN_CONNECTED) {
+		return -ENOTCONN;
+	}
+
 	if (pdu->ref != 1) {
 		/* The host may alter the buf contents when fragmenting. Higher
 		 * layers cannot expect the buf contents to stay intact. Extra