io_uring: finish waiting before flushing overflow entries

If we have overflow entries being generated after we've done the
initial flush in io_cqring_wait(), then we could be flushing them in the
main wait loop as well. If that's done after having added ourselves
to the cq_wait waitqueue, then the task state can be != TASK_RUNNING
when we enter the overflow flush.

Check for the need to overflow flush, and finish our wait cycle first
if we have to do so.

Reported-and-tested-by:  <syzbot+cf6ea1d6bb30a4ce10b2@syzkaller.appspotmail.com>
Link: https://lore.kernel.org/io-uring/000000000000cb143a05f04eee15@google.com/


Signed-off-by: Jens Axboe <axboe@kernel.dk>