avctp: Fix crash when disconnecting

When disconnecting the channel queue shall not be destroyed before
freeeing all requests including those that already have been processed
otherwise the following crash may happen:

4 errors in context 2 of 103:
Invalid read of size 4
   at 0x12A5C2: control_req_destroy (avctp.c:762)
   by 0x12A539: pending_destroy (avctp.c:517)
   by 0x48A0D48: g_slist_foreach (in /usr/lib/libglib-2.0.so.0.3600.0)
   by 0x12A77B: avctp_channel_destroy (avctp.c:553)
   by 0x12A801: avctp_disconnected (avctp.c:570)
   by 0x12A0F1: control_disconnect (control.c:134)
   by 0x1306B9: avrcp_disconnect (avrcp.c:4471)
   by 0x17DAE9: btd_service_disconnect (service.c:307)
   by 0x18437D: dev_disconn_service (device.c:1405)
   by 0x48A0D48: g_slist_foreach (in /usr/lib/libglib-2.0.so.0.3600.0)
   by 0x187D87: device_request_disconnect (device.c:1437)
   by 0x187EC6: dev_disconnect (device.c:1522)
 Address 0x4fde068 is 0 bytes inside a block of size 16 free'd
   at 0x48252B3: free (vg_replace_malloc.c:446)
   by 0x4888172: g_free (in /usr/lib/libglib-2.0.so.0.3600.0)
   by 0x12AB64: avctp_queue_destroy (avctp.c:537)
   by 0x48A0D48: g_slist_foreach (in /usr/lib/libglib-2.0.so.0.3600.0)
   by 0x48A0D91: g_slist_free_full (in /usr/lib/libglib-2.0.so.0.3600.0)
   by 0x12A75E: avctp_channel_destroy (avctp.c:552)
   by 0x12A801: avctp_disconnected (avctp.c:570)
   by 0x12A0F1: control_disconnect (control.c:134)
   by 0x1306B9: avrcp_disconnect (avrcp.c:4471)
   by 0x17DAE9: btd_service_disconnect (service.c:307)
   by 0x18437D: dev_disconn_service (device.c:1405)
   by 0x48A0D48: g_slist_foreach (in /usr/lib/libglib-2.0.so.0.3600.0)

0 files changed, 0 insertions, 0 deletions