diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2018-04-09 09:49:36 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-04-09 09:49:36 +0200 |
| commit | f13fb4453e351757c8b77c7c0dc0d9d9967a16b8 (patch) | |
| tree | f88bc4d2ed2f8960a044b4b78143977739d8194c /docs/syzbot.md | |
| parent | 77bd5117c32d12f3be432e07f327b4989efe2515 (diff) | |
Update syzbot.md
Diffstat (limited to 'docs/syzbot.md')
| -rw-r--r-- | docs/syzbot.md | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/docs/syzbot.md b/docs/syzbot.md index 8fe2cc402..82912cd49 100644 --- a/docs/syzbot.md +++ b/docs/syzbot.md @@ -130,8 +130,16 @@ implementation limitations of course). `KMSAN` is not upstream yet, though, we want to upstream it later. For now, it lives in [github.com/google/kmsan](https://github.com/google/kmsan) and is based on a reasonably fresh upstream tree. As the result, any patch testing -requests for `KMSAN` bugs need to go to `KMSAN` tree. Also note that `KMSAN` -requires `clang` compiler. +requests for `KMSAN` bugs need to go to `KMSAN` tree +(`https://github.com/google/kmsan.git`). Also note that `KMSAN` requires +`clang` compiler. + +Report explanation. The first call trace points to the `use` of the uninit value +(which is usually a branching or copying it to userspace). Then there are 0 or +more "Uninit was stored to memory at:" stacks which denote how the unint value +travelled through memory. Finally there is a "Uninit was created at:" +section which points either to a heap allocation or a stack variable which +is the original source of uninitialized-ness. ## Is syzbot code available? |