Information Disclosure in Linux Kernel's /proc/<pid>/syscall

We discussed this vulnerability during Episode 75 on 04 May 2021.

/proc/<pid>/syscall fills in a struct syscall_info using an architecture-specific implementation. The structure has a u64[6] array into which the argument registers are placed. On 32-bit implementations (ARM and x86), this array is cast down to u32 and written through that type, leaving only 24 of the 48 bytes initialized. When the data is printed, a %llx format specifier is used, which prints 8 bytes per argument and so leaks some kernel data.
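
The pattern described above, modelled in userspace as an added example (not kernel code and not the actual patch): the struct and function names are hypothetical, and a constructed 0xAA poison pattern stands in for stale kernel stack contents so that untouched bytes can be counted. The hardened variant is one way to avoid the partial write.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NARGS  6
#define POISON 0xAA /* constructed stand-in for stale kernel stack bytes */

struct syscall_info_demo { uint64_t args[NARGS]; }; /* 48 bytes, as on the page */

static const uint32_t regs[NARGS] = {1, 2, 3, 4, 5, 6}; /* constructed 32-bit registers */

/* Buggy pattern: the u64[6] buffer is filled as if it were u32[6], so the six
 * 4-byte stores land in bytes 0..23. memcpy emulates stores through a u32 pointer. */
static void fill_args_buggy(struct syscall_info_demo *info, const uint32_t *r)
{
    unsigned char *p = (unsigned char *)info->args;
    for (int i = 0; i < NARGS; i++)
        memcpy(p + i * sizeof(uint32_t), &r[i], sizeof(uint32_t));
}

/* Hardened: one zero-extended store per u64 slot, so all 48 bytes are written. */
static void fill_args_fixed(struct syscall_info_demo *info, const uint32_t *r)
{
    for (int i = 0; i < NARGS; i++)
        info->args[i] = r[i];
}

/* Poison the struct, run the fill routine, count bytes it never overwrote. */
static size_t stale_bytes(void (*fill)(struct syscall_info_demo *, const uint32_t *))
{
    struct syscall_info_demo info;
    const unsigned char *p = (const unsigned char *)&info;
    size_t n = 0;
    memset(&info, POISON, sizeof(info));
    fill(&info, regs);
    for (size_t i = 0; i < sizeof(info); i++)
        n += (p[i] == POISON);
    return n;
}

int main(void)
{
    struct syscall_info_demo info;
    memset(&info, POISON, sizeof(info));
    fill_args_buggy(&info, regs);
    for (int i = 0; i < NARGS; i++) /* same %llx-style print: 8 bytes per slot */
        printf("0x%llx ", (unsigned long long)info.args[i]);
    printf("\nstale bytes: buggy=%zu fixed=%zu\n",
           stale_bytes(fill_args_buggy), stale_bytes(fill_args_fixed));
    return 0;
}
```

In the buggy output the last three slots consist entirely of poison, which corresponds to the 24 uninitialized bytes that reach the reader of the file.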