
sys, executor: incorrect handling of syz_io_uring_setup()

Open ramosian-glider opened this issue 11 months ago • 0 comments

The following program:

r0 = syz_open_dev$usbmon(&(0x7f0000000180), 0x0, 0x0)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000240)={0x0})
ioctl$MON_IOCH_MFLUSH(r0, 0x9208, 0x8000)
ioctl$MON_IOCH_MFLUSH(r0, 0x9208, 0x0)
syz_io_uring_setup(0x100b7e, &(0x7f0000000280)={0x0, 0x0, 0x1810}, &(0x7f0000000000), &(0x7f00000000c0))

consistently smashes the kcov mapping for me on ARM64 QEMU.

This happens under the following conditions:

  • mappings created by syz_io_uring_setup() (see https://github.com/google/syzkaller/blob/d367cbe5791e415abaed06819481019104eaf42a/executor/common_linux.h#L1943) are placed before the kcov mapping (e.g. no other mappings are created by the executor)
  • IORING_SETUP_CQE32 and/or IORING_SETUP_SQE128 are passed to io_uring_setup(), leading to incorrect calculation of the ring buffer size.

The described problem leads to ci-upstream-gce-arm64 generating tens of thousands of invalid kcov signals, boosting some random programs that happen to set up the uring.

ramosian-glider, Feb 27 '24 17:02
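As an added example (not code from syzkaller or its executor), the arithmetic behind the second condition above: with IORING_SETUP_CQE32 each CQE is 32 bytes instead of 16, and with IORING_SETUP_SQE128 each SQE is 128 bytes instead of 64, so a ring-size calculation that uses the base sizes reserves too few bytes, and a neighbouring mapping placed right after the ring (the kcov area in this report) is what absorbs the excess. The flag values are those from <linux/io_uring.h>; the sq_off/cq_off offsets, entry counts and neighbour address are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flag values from <linux/io_uring.h>, hard-coded so this builds without kernel headers. */
#define IORING_SETUP_SQE128 (1U << 10) /* SQEs are 128 bytes instead of 64 */
#define IORING_SETUP_CQE32  (1U << 11) /* CQEs are 32 bytes instead of 16 */
#define PAGE_SIZE 4096u

/* Offsets the kernel returns in io_uring_params.sq_off.array / cq_off.cqes (constructed here). */
struct ring_offsets { uint32_t sq_array; uint32_t cq_cqes; };
struct ring_sizes   { uint32_t ring_sz;  uint32_t sqes_sz; };

static uint32_t sqe_size(uint32_t flags) { return (flags & IORING_SETUP_SQE128) ? 128u : 64u; }
static uint32_t cqe_size(uint32_t flags) { return (flags & IORING_SETUP_CQE32) ? 32u : 16u; }
static uint32_t page_round(uint32_t n) { return (n + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1); }

/* Bytes to mmap for the shared SQ/CQ ring (IORING_OFF_SQ_RING) and the SQE array (IORING_OFF_SQES).
 * flag_aware=false models a calculation that ignores SQE128/CQE32; flag_aware=true uses the
 * entry sizes the kernel actually lays out. */
static struct ring_sizes compute_sizes(uint32_t flags, uint32_t sq_entries, uint32_t cq_entries,
                                       struct ring_offsets off, bool flag_aware) {
    uint32_t f = flag_aware ? flags : 0;
    uint32_t sq_ring = off.sq_array + sq_entries * (uint32_t)sizeof(uint32_t);
    uint32_t cq_ring = off.cq_cqes + cq_entries * cqe_size(f);
    struct ring_sizes s = { sq_ring > cq_ring ? sq_ring : cq_ring, sq_entries * sqe_size(f) };
    return s;
}

/* How many bytes the flag-blind ring size falls short of the real one. */
static uint32_t ring_shortfall(uint32_t flags, uint32_t sq_entries, uint32_t cq_entries,
                               struct ring_offsets off) {
    return compute_sizes(flags, sq_entries, cq_entries, off, true).ring_sz -
           compute_sizes(flags, sq_entries, cq_entries, off, false).ring_sz;
}

/* True when a region reserved as [base, base+reserved) but really extending to base+actual
 * (both page-rounded, as mmap does) crosses into a neighbouring mapping that starts at next_base. */
static bool spills_into_neighbour(uint64_t base, uint32_t reserved, uint32_t actual, uint64_t next_base) {
    return base + page_round(reserved) <= next_base && base + page_round(actual) > next_base;
}

int main(void) {
    /* 0x1810 is the flags field of the params struct in the report's program: bit 11 (CQE32) set, bit 10 (SQE128) clear. */
    uint32_t flags = 0x1810;
    struct ring_offsets off = { 384, 320 }; /* constructed offsets */
    struct ring_sizes blind = compute_sizes(flags, 32, 256, off, false), real = compute_sizes(flags, 32, 256, off, true);
    uint64_t base = 0x7f0000000000ull, neighbour = base + page_round(blind.ring_sz); /* constructed layout */
    printf("cqe=%u sqe=%u ring: blind=%u real=%u short by %u; spills into neighbour: %s\n",
           cqe_size(flags), sqe_size(flags), blind.ring_sz, real.ring_sz, ring_shortfall(flags, 32, 256, off),
           spills_into_neighbour(base, blind.ring_sz, real.ring_sz, neighbour) ? "yes" : "no");
    return 0;
}
```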