io_uring/waitid: always prune wait queue entry in io_waitid_wait()

commit 2f8229d5 upstream.

For a successful return, always remove our entry from the wait queue
entry list. Previously this was skipped if a cancelation was in
progress, but this can race with another invocation of the wait queue
entry callback.

Cc: stable@vger.kernel.org
Fixes: f31ecf67 ("io_uring: add IORING_OP_WAITID support")
Reported-by:  <syzbot+b9e83021d9c642a33d8c@syzkaller.appspotmail.com>
Tested-by:  <syzbot+b9e83021d9c642a33d8c@syzkaller.appspotmail.com>
Link: https://lore.kernel.org/io-uring/68e5195e.050a0220.256323.001f.GAE@google.com/


Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>