Bluetooth: ISO/Audio: Possible invalid state in broadcast

[Thalley]

Describe the bug
Bluetooth ISO treats each BIS (as both source and receiver) as individual structs. They are, however, created from a single event, where we have loops like

	SYS_SLIST_FOR_EACH_CONTAINER(&big->bis_channels, bis, node) {
		const uint16_t handle = evt->handle[i++];
		struct bt_conn *iso_conn = bis->iso;

		iso_conn->handle = sys_le16_to_cpu(handle);
		store_bis_broadcaster_info(evt, &iso_conn->iso.info);
		bt_conn_set_state(iso_conn, BT_CONN_CONNECTED);
	}

and

	SYS_SLIST_FOR_EACH_CONTAINER(&big->bis_channels, bis, node) {
		const uint16_t handle = evt->handle[i++];
		struct bt_conn *iso_conn = bis->iso;

		iso_conn->handle = sys_le16_to_cpu(handle);
		store_bis_sync_receiver_info(evt, &iso_conn->iso.info);
		bt_conn_set_state(iso_conn, BT_CONN_CONNECTED);
	}

For each call to bt_conn_set_state we call the connected channel callback (which also calls the started callback in LE Audio). However, it is possible to call e.g. bt_iso_big_terminate (or LE Audio equivalent functions) in those callbacks, which for cases with multiple BIS, would terminate the BIG, and in the case of the sync receiver, cleanup the structs etc., before returning the above loops.

For broadcast sources, it is less of an issue as the main cleanup is done when we receive a new HCI event, but it would still call

			SYS_SLIST_FOR_EACH_CONTAINER(&big->bis_channels, bis, node) {
				bt_iso_chan_set_state(bis, BT_ISO_STATE_DISCONNECTING);
			}

To Reproduce
N/A

Expected behavior
Expect that we do not clear valid memory while processing an HCI event (bt_hci_evt_le_big_sync_established or bt_hci_evt_le_big_complete). This can possibly be achieved by rejecting calls to bt_iso_big_terminate while we are processing those events.

Impact
Can cause fatal crashes if bt_iso_big_terminate is called in the connected callback. Guarding bt_iso_big_terminate would fix it in higher layers too, as they do not clear any data until after bt_iso_big_terminate has successfully returned.

Logs and console output
N/A

Environment (please complete the following information):

• Commit SHA or Version used: 1938403

Additional context
N/A

[github-actions]

This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 14 days. Note, that you can always re-open a closed issue at any time.