Hi Paolo,
Looking into another issue (my son's gaming machine - Counter-Strike: Source on Linux) I came across this interesting parameter whereby winex/Cedega won't run Steam unless legacy support for legacy VA layout is enabled on a 2.6.9 kernel.
Well, I thought, I'd better try that out......
With 2.6.12+bs9 on x86_64 the error now changes
On the host set:
sysctl -w vm.legacy_va_layout=1
sysctl -w kernel.randomize_va_space=0
Starting the UML with init=/bin/sh starts up as usual. Performing the ls command now results in a different thing happening:
Bad op in do_proc_op
Whereas before it produced:
Child 22915 exited with signal 11

Furthermore, Ctrl-C shuts everything down cleanly. Don't know the significance, if any, of all this, but it feels better.
Conducting the same test on 32-bit 2.6.12+bs9 results in total disaster (feels very bad):
<0>Kernel panic - not syncing: fix_range fixing wrong address space, current=0xabebf6c0
followed by lots of register dumps and traceback stuff (2 lots actually - which I take to mean it really really crashed).
I can only get init=/bin/sh to go when kernel.randomize_va_space=1 and vm.legacy_va_layout=0
Running the ls command then results in a message similar to:
Child 22915 exited with signal 11
Perhaps the only thing of value in all this is vm.legacy_va_layout, which may be useful to UML. It seems to do something, I just don't know what.
>Hi Paolo,
>>Try also following this (from another email) - it appeared in vanilla
>>and may be in your FC4 kernel. Not sure but it may be playing a role
>>"It looks like VA space randomization is the culprit.  The problem only
>>shows up when the host is 2.6.12, and can be solved by setting the
>>kernel.randomize_va_space sysctl to zero.  Thanks for the pointer
>Here are the results with sysctl -w kernel.randomize_va_space=0.
>Essentially no effect observed.