What steps will reproduce the problem? 1. RFCOMM connection is successfully created (using a client and the daemon). 2. The client is closed, causing L2CAP_DISCONNECT event to be raised. 3. In rfcomm_multiplexer_state_machine, RFCOMM_MULTIPLEXER_SEND_UA_0_AND_DISC is reached. rfcomm_multiplexer_finalize is called, which frees the multiplexer, but multiplexer->at_least_one_connection is being accessed right afterwards.

What version of the product are you using? On what operating system? Present in the latest r2598.

Ouch. Thanks for reporting. Fixed in r2599