timerqueue: Use rb_entry_safe() in timerqueue_getnext()
mainline inclusion
from mainline-v6.2-rc1
commit 2f117484
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8MCB5
CVE: NA

---------------------------

When `timerqueue_getnext()` is called on an empty timer queue, it will use `rb_entry()` on a NULL pointer, which is invalid. Fix that by using `rb_entry_safe()` which handles NULL pointers.

This has not caused any issues so far because the offset of the `rb_node` member in `timerqueue_node` is 0, so `rb_entry()` is essentially a no-op.

Fixes: 511885d7 ("lib/timerqueue: Rely on rbtree semantics for next timer")
Signed-off-by: Barnabás Pőcze <pobrn@protonmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20221114195421.342929-1-pobrn@protonmail.com
Signed-off-by: liwei <liwei728@huawei.com>
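The offset-0 point in the commit message, as an added userspace example (not code from the patch or the kernel tree): `struct tq_first`, `struct tq_later` and the `ENTRY`/`ENTRY_SAFE` macros are stand-ins assumed here to model `timerqueue_node`, a hypothetical layout with the `rb_node` moved off offset 0, and `rb_entry()`/`rb_entry_safe()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-in for the kernel's struct rb_node (assumption). */
struct rb_node { struct rb_node *left, *right; };

/* rb_node first, as the commit message describes for timerqueue_node. */
struct tq_first { struct rb_node node; long expires; };
/* Hypothetical layout with the rb_node moved off offset 0. */
struct tq_later { long expires; struct rb_node node; };

/* container_of-style conversion done in integer arithmetic so the NULL
 * case can be inspected here; models rb_entry(). */
#define ENTRY(ptr, type, member) \
	((type *)((uintptr_t)(ptr) - offsetof(type, member)))
/* NULL-preserving variant; models rb_entry_safe(). */
#define ENTRY_SAFE(ptr, type, member) \
	((ptr) ? ENTRY(ptr, type, member) : (type *)NULL)

/* Empty queue + offset 0: the subtraction is a no-op, NULL stays NULL. */
struct tq_first *first_unchecked(struct rb_node *leftmost)
{ return ENTRY(leftmost, struct tq_first, node); }

/* Empty queue + non-zero offset: NULL becomes a bogus non-NULL pointer
 * that slips past any "if (!next)" check in the caller. */
struct tq_later *later_unchecked(struct rb_node *leftmost)
{ return ENTRY(leftmost, struct tq_later, node); }

/* The checked conversion returns NULL regardless of member offset. */
struct tq_later *later_safe(struct rb_node *leftmost)
{ return ENTRY_SAFE(leftmost, struct tq_later, node); }

/* A non-empty queue still converts back to the containing object. */
int roundtrip_ok(void)
{
	struct tq_later n = { .expires = 42 };
	return later_safe(&n.node) == &n && later_unchecked(&n.node) == &n;
}

int main(void)
{
	printf("offset 0, unchecked:  %p\n", (void *)first_unchecked(NULL));
	printf("offset %zu, unchecked: %p\n",
	       offsetof(struct tq_later, node), (void *)later_unchecked(NULL));
	printf("offset %zu, safe:      %p\n",
	       offsetof(struct tq_later, node), (void *)later_safe(NULL));
	return !roundtrip_ok();
}
```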