[SOLVED] kernel panic Failed to execute /init no working init found after update, encrypted luks lvm

This topic is a note to future self, with lots of keywords for better googling (because searching for e.g. “ERROR: failed to install '/usr/bin/ldd:” provides whopping 4 (four) results none of which are relevant).

Problem: if you have an LUKS encrypted LVM and after updating the kernel and/or grub the system does not boot “Failed to execute /init (error -2)”, “no working init found”, and passing the boot parameter “init=/bin/bash” does not work as well — it means that the initramfs / initrd could not decrypt the root partition (“error -2” means “no such file” — i.e. no /sbin/init and no /bin/bash found on the root partition).


  1. burn a bootable CD or LiveUSB, openSUSE preferred but any will work;
  2. boot from LiveUSB into the “Rescue system” (note: on openSUSE 15 rescue the login is “root” and the password is empty)
  3. decrypt the hard drive and mount the root partition of the installed system, or decrypt the LVM root partition and mount it
  4. mount remaining necessary directories then chroot into installed system
  5. run mkinitrd to regenerate the initial ram disk with all neccessary modules (lvm, etc), and run grub2-mkconfig to regenerate the grub boot menu config; watch for the errors and fix if any warnings/errors found!
  6. reboot and enjoy.

I hope no explanation needed for steps 1-2 so starting with step number 3)

we will mount the installed system into /mnt/, ensure that it is empty. if not - choose another directory; e.g. create it with mkdir /mychroot/ and use “/mychroot/” instead of “/mnt/” in all commands below

ls -la /mnt/

find which partitions are: LVM, boot drive, boot/EFI (if needed)

fdisk -l


#Device Start End Sectors Size Type
#/dev/sda1 2048 616447 614400 300M Linux filesystem
#/dev/sda2 616448 821247 204800 100M EFI System
#/dev/sda3 821248 6309887 5488640 2.6G Linux swap
#/dev/sda4 6309888 500119268 493809381 235.5G Linux LVM

in my example sda1 is /boot/, sda2 is /boot/efi/, sda3 is swap (not needed in rescue), and sda4 is partition with encrypted LVM

the next steps vary depending on how you encrypted your system: you may have whole encrypted HDD partition and LVM inside it (as in my example); or you may have LVM on top with encrypted partition inside.

if encrypted HDD partition with LVM inside:

decrypt the partition

cryptsetup luksOpen /dev/sda4 sdasda

find the volume group

vgscan -v

fing the LVM

lvscan -v

activate the LVM with name “LVM-NAME”, found in the previous command, if not active yet.

lvchange -a y LVM-NAME

find the name of the root LVM partition with “ls -l /dev/LVM-NAME/” then mount it

mount /dev/LVM-NAME/PARTITION /mnt/

if LVM on top, with encrypted partition inside:

find the volume group

vgscan -v

fing the LVM

lvscan -v

activate the LVM with name “LVM-NAME”, found in the previous command

lvchange -a y LVM-NAME

decrypt the root partition of the installed system

cryptsetup luksOpen /dev/LVM-NAME/PARTITION asdasd

mount the root partition

mount /dev/mapper/asdasd /mnt/

Step number 4)

we need to mount boot partition of the HDD and several directories from the Rescue system inside the installed system:

/boot is most important! initrd will be stored there.

mount /dev/sda1 /mnt/boot/
mount /dev/sda2 /mnt/boot/efi/
mount --bind /proc/ /mnt/proc/
mount --bind /dev/ /mnt/dev/
mount --bind /dev/pts/ /mnt/dev/pts/
mount --bind /sys/ /mnt/sys/

not really necessary but will help if you want to connect to the internet using the NetworkManager

mount --bind /run/ /mnt/run/
mount --bind /var/run/ /mnt/var/run/

chroot into the installed system

chroot /mnt/

Step number 5)

generate the initramfs with the necessary modules

mkinitrd -f lvm2 -m “aes sha256 dm-crypt” 2>&1 | tee mk.log

read the log and search for errors and warnings and fix them

less mk.log

for example, I had a lot of errors like: dracut-install: ERROR: failed to install ‘/usr/bin/ldd:’ for ‘/bin/sh’ (note the colon after ldd), for ‘/usr/bin/udevadm’, and so on.

After running “/usr/bin/ldd” directly I saw something like “/usr/bin/ldd: /usr/bin/bash: no such file or directory”, and there really was no /usr/bin/bash in the installed system.

So I made a symlink “ln -s /bin/bash /usr/bin/bash” and errors went away.

generate initrd again if you found and fixed some errors. not necessary if there were no errors in the previous run.

mkinitrd -f lvm2 -m “aes sha256 dm-crypt” 2>&1 | tee mk.log

read the log and search for errors and warnings and fix them. repeat until there are no errors.

less mk.log

re-generate the boot config

grub2-mkconfig > grub_new.cfg

compare the old config with the new one. if everything looks good - replace the old config with the new one:

diff -u -w -B /boot/grub2/grub.cfg grub_new.cfg
cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg_backup
mv -f grub_new.cfg /boot/grub2/grub.cfg

Step number 6)

exit from the chroot, unmount all partitions, close the LUKS partition, reboot and enjoy.

umount /mnt/sys/
umount /mnt/proc/
umount /mnt/dev/pts/
umount /mnt/dev/
umount /mnt/var/run/
umount /mnt/run/
umount /mnt/boot/efi/
umount /mnt/boot/

if you have an encrypted HDD partition with LVM inside (like in my example):

lvchange -a n LVM-NAME
cryptsetup luksClose sdasda

or if you have an encrypted partition within LVM:

cryptsetup luksClose asdasd
lvchange -a n LVM-NAME

init 6 # reboot and hope for the best :slight_smile:

BONUS: how to connect to the Internet using NetworkManager inside chroot

systemd will not run any service, e.g. running

systemctl start NetworkManager

will result in “Running in chroot, ignoring request.”, so we need to run the binaries directly.

assuming that we are inside chroot already

#chroot /mnt

start DBUS

dbus-daemon --system

run NetworkManager directly, in the background. wpa_supplicant should start automatically with NetworkManager, if not - run it manually.

NetworkManager &

start udev to be able to use cards/modems

udevd --daemon

rescan connected devices

udevadm control -R

if you use mobile internet - run ModemManager directly, in the background.

ModemManager &

and connect to the Internet using your configured connection

nmcli connection up YOUR-CONNECTION-NAME

note: to be able to unmount the chroot directories you will have to kill all started programs, e.g. killall NetworkManager, wpa_supplicant, udevd, etc.

Cheers and Have a lot of fun!

As this post is not a request for help, it will be moved to our ‘Unreviewed-How-To-and-FAQ’ subforum.