google · ramosian-glider · Jan 21, 2026 · Jan 20, 2026
diff --git a/executor/common_kvm_riscv64.h b/executor/common_kvm_riscv64.h
@@ -12,6 +12,7 @@
 #include <string.h>
 #include <sys/ioctl.h>
 
+#if SYZ_EXECUTOR || __NR_syz_kvm_setup_cpu
 struct kvm_text {
 	uintptr_t type;
 	const void* text;
@@ -153,5 +154,25 @@ static volatile long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volat
 
 	return 0;
 }
+#endif
+
+#if SYZ_EXECUTOR || __NR_syz_kvm_assert_reg
+static long syz_kvm_assert_reg(volatile long a0, volatile long a1, volatile long a2)
+{
+	int vcpu_fd = (int)a0;
+	uint64 id = (uint64)a1;
+	uint64 expect = a2, val = 0;
+
+	struct kvm_one_reg reg = {.id = id, .addr = (uint64)&val};
+	int ret = ioctl(vcpu_fd, KVM_GET_ONE_REG, &reg);
+	if (ret)
+		return ret;
+	if (val != expect) {
+		errno = EDOM;
+		return -1;
+	}
+	return 0;
+}
+#endif
 
 #endif // EXECUTOR_COMMON_KVM_RISCV64_H
diff --git a/pkg/vminfo/linux_syscalls.go b/pkg/vminfo/linux_syscalls.go
@@ -85,7 +85,7 @@ var linuxSyscallChecks = map[string]func(*checkContext, *prog.Syscall) string{
 	"syz_kvm_add_vcpu":              linuxSyzKvmSupported,
 	"syz_kvm_assert_syzos_uexit":    linuxSyzKvmSupported,
 	"syz_kvm_assert_syzos_kvm_exit": linuxSyzKvmSupported,
-	"syz_kvm_assert_reg":            linuxSyzSupportedOnArm64,
+	"syz_kvm_assert_reg":            linuxSyzKvmSupported,
 	"syz_emit_vhci":                 linuxVhciInjectionSupported,
 	"syz_init_net_socket":           linuxSyzInitNetSocketSupported,
 	"syz_genetlink_get_family_id":   linuxSyzGenetlinkGetFamilyIDSupported,
@@ -188,11 +188,12 @@ func linuxSyzKvmSupported(ctx *checkContext, call *prog.Syscall) string {
 			return ""
 		}
 	case "syz_kvm_setup_cpu$arm64", "syz_kvm_setup_syzos_vm$arm64", "syz_kvm_add_vcpu$arm64",
-		"syz_kvm_assert_syzos_uexit$arm64", "syz_kvm_assert_syzos_kvm_exit$arm64":
+		"syz_kvm_assert_syzos_uexit$arm64", "syz_kvm_assert_syzos_kvm_exit$arm64",
+		"syz_kvm_assert_reg%arm64":
 		if ctx.target.Arch == targets.ARM64 {
 			return ""
 		}
-	case "syz_kvm_setup_cpu$riscv64":
+	case "syz_kvm_setup_cpu$riscv64", "syz_kvm_assert_reg$riscv64":
 		if ctx.target.Arch == targets.RiscV64 {
 			return ""
 		}

diff --git a/sys/linux/dev_kvm.txt b/sys/linux/dev_kvm.txt
@@ -354,6 +354,9 @@ kvm_one_reg [
 	riscv64_config	kvm_one_reg_riscv64[kvm_regs_riscv64_config]
 	riscv64_core	kvm_one_reg_riscv64[kvm_regs_riscv64_core]
 	riscv64_csr	kvm_one_reg_riscv64[kvm_regs_riscv64_csr]
+	riscv64_timer	kvm_one_reg_riscv64[kvm_regs_riscv64_timer]
+	riscv64_f	kvm_one_reg_riscv64[kvm_regs_riscv64_f]
+	riscv64_d	kvm_one_reg_riscv64[kvm_regs_riscv64_d]
 ]
 
 type kvm_one_reg_riscv64[FTYPE] {
@@ -634,6 +637,9 @@ kvm_regs_arm64_extra = 0x603000000013c01b, 0x603000000013c01f, 0x603000000013c02
 # End of register descriptions generated by tools/arm64/registers.go
 
 # For riscv64, https://elixir.bootlin.com/linux/v6.19-rc4/source/Documentation/virt/kvm/api.rst#L2765
-kvm_regs_riscv64_config = 0x8030000000100000
+kvm_regs_riscv64_config = 0x8030000000100000, 0x8030000000100001, 0x8030000000100002, 0x8030000000100003, 0x8030000000100004, 0x8030000000100005, 0x8030000000100006, 0x8030000000100007
 kvm_regs_riscv64_core = 0x8030000000200000, 0x8030000000200001, 0x8030000000200002, 0x8030000000200003, 0x8030000000200004, 0x8030000000200005, 0x8030000000200006, 0x8030000000200007, 0x8030000000200008, 0x8030000000200009, 0x803000000020000a, 0x803000000020000b, 0x803000000020000c, 0x803000000020000d, 0x803000000020000e, 0x803000000020000f, 0x8030000000200010, 0x8030000000200011, 0x8030000000200012, 0x8030000000200013, 0x8030000000200014, 0x8030000000200015, 0x8030000000200016, 0x8030000000200017, 0x8030000000200018, 0x8030000000200019, 0x803000000020001a, 0x803000000020001b, 0x803000000020001c, 0x803000000020001d, 0x803000000020001e, 0x803000000020001f, 0x8030000000200020
 kvm_regs_riscv64_csr = 0x8030000000300000, 0x8030000000300001, 0x8030000000300002, 0x8030000000300003, 0x8030000000300004, 0x8030000000300005, 0x8030000000300006, 0x8030000000300007, 0x8030000000300008
+kvm_regs_riscv64_timer = 0x8030000004000000, 0x8030000004000001, 0x8030000004000002, 0x8030000004000003
+kvm_regs_riscv64_f = 0x8020000005000000, 0x8020000005000001, 0x8020000005000002, 0x8020000005000003, 0x8020000005000004, 0x8020000005000005, 0x8020000005000006, 0x8020000005000007, 0x8020000005000008, 0x8020000005000009, 0x802000000500000a, 0x802000000500000b, 0x802000000500000c, 0x802000000500000d, 0x802000000500000e, 0x802000000500000f, 0x8020000005000010, 0x8020000005000011, 0x8020000005000012, 0x8020000005000013, 0x8020000005000014, 0x8020000005000015, 0x8020000005000016, 0x8020000005000017, 0x8020000005000018, 0x8020000005000019, 0x802000000500001a, 0x802000000500001b, 0x802000000500001c, 0x802000000500001d, 0x802000000500001e, 0x802000000500001f, 0x8020000005000020
+kvm_regs_riscv64_d = 0x8030000006000000, 0x8030000006000001, 0x8030000006000002, 0x8030000006000003, 0x8030000006000004, 0x8030000006000005, 0x8030000006000006, 0x8030000006000007, 0x8030000006000008, 0x8030000006000009, 0x803000000600000a, 0x803000000600000b, 0x803000000600000c, 0x803000000600000d, 0x803000000600000e, 0x803000000600000f, 0x8030000006000010, 0x8030000006000011, 0x8030000006000012, 0x8030000006000013, 0x8030000006000014, 0x8030000006000015, 0x8030000006000016, 0x8030000006000017, 0x8030000006000018, 0x8030000006000019, 0x803000000600001a, 0x803000000600001b, 0x803000000600001c, 0x803000000600001d, 0x803000000600001e, 0x803000000600001f, 0x8020000006000020
diff --git a/sys/linux/dev_kvm_arm64.txt b/sys/linux/dev_kvm_arm64.txt
@@ -28,7 +28,7 @@ syz_kvm_vgic_v3_setup(fd fd_kvmvm, ncpus intptr[0:4], nirqs flags[kvm_num_irqs])
 
 # Test assertions, will not be used by the fuzzer.
 syz_kvm_assert_syzos_uexit$arm64(cpufd fd_kvmcpu, run kvm_run_ptr, exitcode int64) (no_generate)
-syz_kvm_assert_reg(fd fd_kvmcpu, reg int64, value int64) (no_generate)
+syz_kvm_assert_reg$arm64(fd fd_kvmcpu, reg int64, value int64) (no_generate)
 syz_kvm_assert_syzos_kvm_exit$arm64(run kvm_run_ptr, exitcode int64) (no_generate)
 
 # Old-style way to set up a CPU inside a KVM VM.

diff --git a/sys/linux/dev_kvm_riscv64.txt b/sys/linux/dev_kvm_riscv64.txt
@@ -31,3 +31,5 @@ kvm_text_riscv64 {
 	text	ptr[in, text[riscv64]]
 	size	len[text, intptr]
 }
+
+syz_kvm_assert_reg$riscv64(fd fd_kvmcpu, reg int64, value int64) (no_generate)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-enable-pmu-msr b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-enable-pmu-msr
@@ -23,4 +23,4 @@ r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
 syz_kvm_assert_syzos_uexit$arm64(r3, r5, 0xffffffffffffffff)
-syz_kvm_assert_reg(r3, 0x603000000013df40, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013df40, 0x8000)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-enable-pmu-msr-emul-0 b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-enable-pmu-msr-emul-0
@@ -36,13 +36,13 @@ r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
 syz_kvm_assert_syzos_uexit$arm64(r3, r5, 0xffffffffffffffff)
-syz_kvm_assert_reg(r3, 0x603000000013c4f1, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c4f2, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013dce0, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013dce1, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013dce2, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013dce3, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013dce4, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013dce5, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013dce8, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013dce9, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c4f1, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c4f2, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013dce0, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013dce1, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013dce2, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013dce3, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013dce4, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013dce5, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013dce8, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013dce9, 0x8000)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-enable-pmu-msr-emul-1 b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-enable-pmu-msr-emul-1
@@ -36,13 +36,13 @@ r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
 syz_kvm_assert_syzos_uexit$arm64(r3, r5, 0xffffffffffffffff)
-syz_kvm_assert_reg(r3, 0x603000000013dcea, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013dcf0, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013dcf3, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013df40, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013df41, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013df42, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013df43, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013df44, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013df45, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013df7f, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013dcea, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013dcf0, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013dcf3, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013df40, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013df41, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013df42, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013df43, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013df44, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013df45, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013df7f, 0x8000)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-enable-pmu-msr-emul-2 b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-enable-pmu-msr-emul-2
@@ -33,10 +33,10 @@ r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
 syz_kvm_assert_syzos_uexit$arm64(r3, r5, 0xffffffffffffffff)
-syz_kvm_assert_reg(r3, 0x603000000013df60, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013df61, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013df62, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013df63, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013df64, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013df65, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013df7f, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013df60, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013df61, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013df62, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013df63, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013df64, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013df65, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013df7f, 0x8000)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr
@@ -15,4 +15,4 @@ r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
 syz_kvm_assert_syzos_uexit$arm64(r3, r5, 0xffffffffffffffff)
-syz_kvm_assert_reg(r3, 0x603000000013c600, 0xfefefee0)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c600, 0xfefefee0)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr-emul-0 b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr-emul-0
@@ -27,13 +27,13 @@ r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
 syz_kvm_assert_syzos_uexit$arm64(r3, r5, 0xffffffffffffffff)
-syz_kvm_assert_reg(r3, 0x6030000000138010, 0x8000)
-syz_kvm_assert_reg(r3, 0x6030000000138012, 0x8000)
-syz_kvm_assert_reg(r3, 0x6030000000138004, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013800c, 0x8000)
-syz_kvm_assert_reg(r3, 0x6030000000138014, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013801c, 0x8000)
-syz_kvm_assert_reg(r3, 0x6030000000138024, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013802c, 0x8000)
-syz_kvm_assert_reg(r3, 0x6030000000138005, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013800d, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x6030000000138010, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x6030000000138012, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x6030000000138004, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013800c, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x6030000000138014, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013801c, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x6030000000138024, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013802c, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x6030000000138005, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013800d, 0x8000)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr-emul-1 b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr-emul-1
@@ -27,13 +27,13 @@ r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
 syz_kvm_assert_syzos_uexit$arm64(r3, r5, 0xffffffffffffffff)
-syz_kvm_assert_reg(r3, 0x6030000000138015, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013801d, 0x8000)
-syz_kvm_assert_reg(r3, 0x6030000000138025, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013802d, 0x8000)
-syz_kvm_assert_reg(r3, 0x6030000000138006, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013800e, 0x8000)
-syz_kvm_assert_reg(r3, 0x6030000000138016, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013801e, 0x8000)
-syz_kvm_assert_reg(r3, 0x6030000000138007, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013800f, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x6030000000138015, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013801d, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x6030000000138025, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013802d, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x6030000000138006, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013800e, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x6030000000138016, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013801e, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x6030000000138007, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013800f, 0x8000)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr-emul-2 b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr-emul-2
@@ -27,13 +27,13 @@ r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
 syz_kvm_assert_syzos_uexit$arm64(r3, r5, 0xffffffffffffffff)
-syz_kvm_assert_reg(r3, 0x6030000000138017, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013801f, 0x8000)
-syz_kvm_assert_reg(r3, 0x6030000000138084, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013809c, 0x8000)
-syz_kvm_assert_reg(r3, 0x60300000001383c6, 0x8000)
-syz_kvm_assert_reg(r3, 0x60300000001383ce, 0x8000)
-syz_kvm_assert_reg(r3, 0x6030000000139828, 0x8000)
-syz_kvm_assert_reg(r3, 0x6030000000139828, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c081, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c230, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x6030000000138017, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013801f, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x6030000000138084, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013809c, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x60300000001383c6, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x60300000001383ce, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x6030000000139828, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x6030000000139828, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c081, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c230, 0x8000)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr-emul-3 b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr-emul-3
@@ -27,13 +27,13 @@ r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
 syz_kvm_assert_syzos_uexit$arm64(r3, r5, 0xffffffffffffffff)
-syz_kvm_assert_reg(r3, 0x603000000013c520, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c521, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c522, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c523, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c641, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c643, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c644, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c648, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c659, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c65d, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c520, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c521, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c522, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c523, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c641, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c643, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c644, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c648, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c659, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c65d, 0x8000)
diff --git a/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr-emul-4 b/sys/linux/test/arm64-syz_kvm_setup_syzos_vm-msr-emul-4
@@ -27,13 +27,13 @@ r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x1, r3, 0x0)
 #
 ioctl$KVM_RUN(r3, AUTO, 0x0)
 syz_kvm_assert_syzos_uexit$arm64(r3, r5, 0xffffffffffffffff)
-syz_kvm_assert_reg(r3, 0x603000000013c65e, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c65f, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c661, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c663, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c664, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c666, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c667, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013c687, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013d000, 0x8000)
-syz_kvm_assert_reg(r3, 0x603000000013de87, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c65e, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c65f, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c661, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c663, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c664, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c666, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c667, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013c687, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013d000, 0x8000)
+syz_kvm_assert_reg$arm64(r3, 0x603000000013de87, 0x8000)
diff --git a/sys/linux/test/riscv64-kvm-reg b/sys/linux/test/riscv64-kvm-reg
@@ -0,0 +1,58 @@
+#
+# requires: arch=riscv64
+#
+
+r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
+r1 = ioctl$KVM_CREATE_VM(r0, AUTO, 0x0)
+r2 = ioctl$KVM_CREATE_VCPU(r1, AUTO, 0x0)
+
+#
+# Test config reg.
+#
+ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &AUTO=@riscv64_config={0x8030000001000002, &AUTO=0})
+syz_kvm_assert_reg$riscv64(r2, 0x8030000001000002, 0)
+ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &AUTO=@riscv64_config={0x8030000001000003, &AUTO=0})
+syz_kvm_assert_reg$riscv64(r2, 0x8030000001000003, 0)
+ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &AUTO=@riscv64_config={0x8030000001000004, &AUTO=0})
+syz_kvm_assert_reg$riscv64(r2, 0x8030000001000004, 0)
+
+#
+# Test core reg.
+#
+ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &AUTO=@riscv64_config={0x8030000002000000, &AUTO=0x80200000})
+syz_kvm_assert_reg$riscv64(r2, 0x8030000002000000, 0x80200000)
+ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &AUTO=@riscv64_config={0x803000000200000a, &AUTO=0xdeadbeef})
+syz_kvm_assert_reg$riscv64(r2, 0x803000000200000a, 0xdeadbeef)
+
+#
+# Test csr reg.
+#
+ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &AUTO=@riscv64_config={0x8030000003000000, &AUTO=0x00006000})
+syz_kvm_assert_reg$riscv64(r2, 0x8030000003000000, 0x00006000)
+ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &AUTO=@riscv64_config={0x8030000003000004, &AUTO=0x80201000})
+syz_kvm_assert_reg$riscv64(r2, 0x8030000003000004, 0x80201000)
+ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &AUTO=@riscv64_config={0x8030000003000008, &AUTO=0x1000000000001})
+syz_kvm_assert_reg$riscv64(r2, 0x8030000003000008, 0x1000000000001)
+
+#
+# Test fp_f/d reg.
+#
+ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &AUTO=@riscv64_config={0x8020000005000000, &AUTO=0x3f800000})
+syz_kvm_assert_reg$riscv64(r2, 0x8020000005000000, 0x3f800000)
+ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &AUTO=@riscv64_config={0x8020000005000020, &AUTO=0x5})
+syz_kvm_assert_reg$riscv64(r2, 0x8020000005000020, 0x5)
+ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &AUTO=@riscv64_config={0x8030000006000000, &AUTO=0x3ff0000000000000})
+syz_kvm_assert_reg$riscv64(r2, 0x8030000006000000, 0x3ff0000000000000)
+ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &AUTO=@riscv64_config={0x8020000006000020, &AUTO=0x1})
+syz_kvm_assert_reg$riscv64(r2, 0x8020000006000020, 0x1)
+
+#
+# Test timer reg.
+#
+ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &AUTO=@riscv64_config={0x8030000004000002, &AUTO=0x2000})
+syz_kvm_assert_reg$riscv64(r2, 0x8030000004000002, 0x2000)
+
+#
+# Test reg list.
+#
+ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, &AUTO={0xac, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
diff --git a/sys/linux/test/syz_kvm_setup_cpu_riscv64 b/sys/linux/test/syz_kvm_setup_cpu_riscv64
@@ -19,6 +19,5 @@ syz_kvm_setup_cpu$riscv64(r1, r2, &(0x7f0000fe8000/0x180000)=nil,&(0x7f000000000
 
 ioctl$KVM_RUN(r2, AUTO, 0x0)
 
-ioctl$KVM_GET_ONE_REG(r2, AUTO, &AUTO=@riscv64_core={0x803000000200000a, &AUTO})
-ioctl$KVM_GET_ONE_REG(r2, AUTO, &AUTO=@riscv64_config={0x8030000001000000, &AUTO})
-ioctl$KVM_GET_ONE_REG(r2, AUTO, &AUTO=@riscv64_csr={0x8030000003000000, &AUTO})
+syz_kvm_assert_reg$riscv64(r2, 0x803000000200000a, 0x42)
+syz_kvm_assert_reg$riscv64(r2, 0x803000000200000b, 0x63)