syzbot: scale security impact

[tarasmadan]

How to scale the syzbot security impact?
It is also the question how to measure it.

Context
For example, we can show the kfree coverage. I expect it to be a proxy metric for uaf_count.
Another idea is to focus more on the security sensitive objects. @sirdarckcat and @artmetla know more about it.

[tarasmadan]

CC @kees , @xairy

[dvyukov]

Both properties can be relatively easily extracted using syz-declextract and reflected in https://github.com/google/syzkaller/blob/master/sys/linux/auto.txt.info
(also pointer arithmetic for OOBs)

[tarasmadan]

Thanks @dvyukov !
Thinking about the security impact perspective, I'd like us to be sure this is the highest RoI path.
If you see some problem fields, please mention them here.

[dvyukov]

From RoI perspective the first question is who/how will use the signal (if we assume we have perfect security score whatever it means). Do you have any ideas around that?

[tarasmadan]

Do you have any ideas around that?

I'd like to know whether specific kernel build has some syzbot reported and unfixed vulnerabilities.
#6453 in combination with sbom will give it.