Bluetooth: ISO: Fix issue with BIS tx_complete

BIS termination as broadcaster is handled different
than ACL and CIS, and in rare chances the
tx_complete for BIS may not have been completed in
the system workqueue before iso_new was called for the
same bt_conn struct (e.g. via bt_iso_cig_create), which
would perform

k_work_init(&conn->tx_complete_work, tx_complete_work);

but where conn->tx_complete_work still existed in
the system workqueue, which would cause the list
of pending items on the system workqueue to be removed
as the `next` pointer would be NULL.

This also adds an assert in bt_conn_new to prevent this
issue from appearing again.

Signed-off-by: Emil Gydesen <[email protected]>

Author: Thalley

subsys/bluetooth/host/conn.c

@@ -381,6 +381,8 @@ struct bt_conn *bt_conn_new(struct bt_conn *conns, size_t size)
 	k_work_init_delayable(&conn->deferred_work, deferred_work);
 #endif /* CONFIG_BT_CONN */
 #if defined(CONFIG_BT_CONN_TX)
+	__ASSERT(!k_work_is_pending(&conn->tx_complete_work),
+		 "tx_complete_work is pending, performing k_work_init will break the workqueue");
 	k_work_init(&conn->tx_complete_work, tx_complete_work);
 #endif /* CONFIG_BT_CONN_TX */