Diffstat (limited to 'docs/fuzzing_expert.md')
-rw-r--r-- | docs/fuzzing_expert.md | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/docs/fuzzing_expert.md b/docs/fuzzing_expert.md index ef3f8a4e..876c5fbb 100644 --- a/docs/fuzzing_expert.md +++ b/docs/fuzzing_expert.md @@ -87,8 +87,8 @@ The following options are available when you instrument with LTO mode (afl-clang transform input data before comparison. Therefore this technique is called `input to state` or `redqueen`. If you want to use this technique, then you have to compile the target - twice, once specifically with/for this mode, and pass this binary to afl-fuzz - via the `-c` parameter. + twice, once specifically with/for this mode by setting `AFL_LLVM_CMPLOG=1`, + and pass this binary to afl-fuzz via the `-c` parameter. Note that you can compile also just a cmplog binary and use that for both however there will be a performance penality. You can read more about this in [instrumentation/README.cmplog.md](../instrumentation/README.cmplog.md) @@ -149,6 +149,8 @@ The following sanitizers have built-in support in AFL++: vulnerabilities - which is however one of the most important and dangerous C++ memory corruption classes! Enabled with `export AFL_USE_CFISAN=1` before compiling. + * TSAN = Thread SANitizer, finds thread race conditions. + Enabled with `export AFL_USE_TSAN=1` before compiling. * LSAN = Leak SANitizer, finds memory leaks in a program. This is not really a security issue, but for developers this can be very valuable. Note that unlike the other sanitizers above this needs @@ -625,4 +627,4 @@ This is basically all you need to know to professionally run fuzzing campaigns. If you want to know more, the tons of texts in [docs/](./) will have you covered. Note that there are also a lot of tools out there that help fuzzing with AFL++ -(some might be deprecated or unsupported), see [tools.md](tools.md). +(some might be deprecated or unsupported), see [tools.md](tools.md). \ No newline at end of file |
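Review bot: In the first hunk the rewritten sentence now names `AFL_LLVM_CMPLOG=1`, but the unchanged context line two lines below it still reads "there will be a performance penality"; since this paragraph is being edited anyway, fix the spelling to "performance penalty" and tidy "you can compile also just a cmplog binary" to "you can also compile just a cmplog binary" in the same change.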
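Review bot: In the second hunk the new TSAN entry does not say whether it can be combined with the other sanitizers in this list, whereas the LSAN entry immediately after it explicitly calls out how it differs from "the other sanitizers above"; add one sentence stating whether `AFL_USE_TSAN=1` can be set together with the other `AFL_USE_*SAN` variables, and consider the more precise wording "finds data races between threads" instead of "finds thread race conditions".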
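Review bot: The third hunk changes nothing but the file's trailing newline (the `+` line is identical to the `-` line apart from "\ No newline at end of file"); restore the final newline so the file ends as before and this hunk disappears from the diff.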