Ok, I was wrong, there's a whole load of code being included inside the function from a header. The issue seems to be the pread:
20771@1505254578.940000:guest_user_syscall cpu=0x62850620 num=0x00000000000000b4 arg1=0x0000000000000003 arg2=0xfffffffff6fe6798 arg3=0x0000000000000020 arg4=0x0000000000000000 arg5=0x0000000000000034 arg6=0x0000000000000000 arg7=0x0000000000000000 arg8=0x0000000000000000
20771@1505254578.940005:guest_user_syscall_ret cpu=0x62850620 num=0x00000000000000b4 ret=0x0000000000000000
0xb4 (180) is pread(64) on SH, which goes via a special wrapper[0] with a dummy argument that gets stripped. This dummy argument ensures that the 64-bit offset is aligned. However, linux-user doesn't know about this, and so takes (arg4, arg5) as the 64-bit value, rather than (arg5, arg6), leading to the host kernel trying to read 0x340000000000000000 bytes (and rightly returning 0 for EOF).
[0] https://github.com/torvalds/linux/blob/e0d072250a54669dce876d8ade70e417356aae74/arch/sh/kernel/sys_sh32.c#L38
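The argument decoding described above, as an added example that is not QEMU or kernel code: it takes the traced arguments and builds the pread64 offset with and without skipping the dummy word, then models the resulting read. All function names are hypothetical; it assumes a little-endian guest that passes the low word of the pair first, and a constructed file length of 0x1000 bytes.

```c
#include <stdint.h>
#include <stdio.h>

/* arg1..arg6 of the traced pread64 call (syscall 0xb4), truncated to the
 * 32-bit guest width. Constructed from the trace lines above. */
static const uint32_t traced_args[6] = { 0x3, 0xf6fe6798, 0x20, 0x0, 0x34, 0x0 };

/* Join two 32-bit guest words into a 64-bit value.
 * Assumption: on a little-endian guest the first word is the low half. */
static uint64_t pair_to_u64(uint32_t first, uint32_t second, int big_endian)
{
    return big_endian ? ((uint64_t)first << 32) | second
                      : ((uint64_t)second << 32) | first;
}

/* Offset of pread64(fd, buf, count, offset) from args[0..5] = arg1..arg6.
 * skip_dummy != 0: the ABI pads with a dummy word (arg4), so the pair is
 * (arg5, arg6). skip_dummy == 0: the pair is taken as (arg4, arg5). */
static uint64_t pread64_offset(const uint32_t args[6], int skip_dummy,
                               int big_endian)
{
    int first = skip_dummy ? 4 : 3;
    return pair_to_u64(args[first], args[first + 1], big_endian);
}

/* Model of what pread returns for a regular file of file_len bytes:
 * 0 at or past EOF, otherwise the bytes available up to count. */
static uint64_t model_pread(uint64_t file_len, uint64_t count, uint64_t off)
{
    if (off >= file_len)
        return 0;
    return (file_len - off < count) ? file_len - off : count;
}

int main(void)
{
    const uint64_t file_len = 0x1000;   /* constructed sample file size */
    for (int skip = 0; skip <= 1; skip++) {
        uint64_t off = pread64_offset(traced_args, skip, 0);
        printf("skip_dummy=%d offset=0x%llx ret=0x%llx\n", skip,
               (unsigned long long)off,
               (unsigned long long)model_pread(file_len, traced_args[2], off));
    }
    return 0;
}
```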