dovecot init.d discovers the pidfile variable in a way that blocks on a low entropy system
From console
* /run/lock: creating directory
* /run/lock: correcting owner
* Mounting xenfs ... [ ok ]
[ 3.798024] random: doveconf: getrandom without GRND_NONBLOCK while crng not ready
[ 259.681214] random: crng init done
* Caching service dependencies ... [ ok ]
* Remounting /dev according to fstab ... [ ok ]
Note: that GRND_NONBLOCK printout is from a patched kernel
From dovecot init.d script
cfgfile=/etc/dovecot/dovecot${instance:+.$instance}.conf
pidfile=$(doveconf -c $cfgfile -h base_dir 2>/dev/null)/master.pid
command=/usr/sbin/dovecot
command_args=${instance:+-c $cfgfile}
Commit that introduced the fault commit:7307d5b5
kernel patch used to find what cases the boot hang:
<@@ -2055,6 +2055,9 @@
if (!crng_ready()) {
if (flags & GRND_NONBLOCK)
return -EAGAIN;
+ printk(KERN_NOTICE "random: %s: getrandom without "
+ "GRND_NONBLOCK while crng not ready\n",
+ current->comm);
ret = wait_for_random_bytes();
if (unlikely(ret))
return ret;
(from redmine: issue id 10320, created on 2019-04-23)