When learning Linux Operating Systems, I know the following things:
So, what's under 0x400000, is it reserved?
As Maxim says, it's simply unmapped. The pages in that region are marked as "not present" in the CPU's page tables, so that accessing them causes a page fault; and the kernel knows they are not backed by any physical memory, file, or swap space, so that such a page fault will be handled by delivering a segmentation fault signal (SIGSEGV) to the process, normally killing it.
It is desirable for at least the lowest page of a program's virtual address space to be unmapped, so that accesses to address 0 (null pointer dereference) will cause a segmentation fault instead of allowing a buggy program to continue running. Leaving a larger region unmapped is also nice so that, for instance, if the program tries to access p[i] where p is a null pointer and i is somewhat greater than 4096, the program will again get a segfault. In 32-bit mode, the value 0x400000 is convenient because this is 4 MB and corresponds to one entry in the page directory. See https://wiki.osdev.org/Paging for an introduction to x86 paging.
So, what's under 0x400000, is it reserved?
That's virtual address space that doesn't have any physical memory mapped. See page table for more details.
You can view the virtual address space mappings of a process with:
cat /proc/<pid>/maps
Base address of 0x400000 is somewhat arbitrary, and address space randomisation (enabled by default) loads executables at different addresses at each run. You can observe the effect of address space randomisation by running cat /proc/self/maps twice and observing that cat executable is loaded at different virtual address on each run (provided cat is an executable and not a shell built-in).
The minimum virtual address is controlled by vm.mmap_min_addr sysctl variable. On Ubuntu 18.04.5 LTS its default value is 65536 (0x10000 in hex).
