Ubuntu – unattended-upgrade CPU 100% for 4 hours (every time) [in case of many routing tables]

cpu load, unattended-upgrades

Distributor ID: Ubuntu
Description:    Ubuntu 18.04.2 LTS
Release:        18.04
Codename:       bionic

During unattended-upgrade the CPU uses 100% of resources for 4 hours.

Example:

unattended-upgrade --dry-run --debug

2019-02-16 10:34:46,087 INFO Enabled logging to syslog via daemon facility
2019-02-16 10:34:46,087 INFO Initial blacklisted packages:
2019-02-16 10:34:46,088 INFO Initial whitelisted packages:
2019-02-16 10:34:46,088 INFO Starting unattended upgrades script
2019-02-16 10:34:46,088 INFO Allowed origins are: o=Ubuntu,a=bionic, o=Ubuntu,a=bionic-security, o=UbuntuESM,a=bionic
2019-02-16 10:34:56,044 INFO Enabled logging to syslog via daemon facility
2019-02-16 10:34:56,045 INFO Initial blacklisted packages:
2019-02-16 10:34:56,045 INFO Initial whitelisted packages:
2019-02-16 10:34:56,045 INFO Starting unattended upgrades script
2019-02-16 10:34:56,046 INFO Allowed origins are: o=Ubuntu,a=bionic, o=Ubuntu,a=bionic-security, o=UbuntuESM,a=bionic
2019-02-16 10:34:56,290 DEBUG Using (^linux-image|^linux-headers|^linux-image-extra|^linux-modules|^linux-modules-extra|^linux-signed-image|^kfreebsd-image|^kfreebsd-headers|^gnumach-image|^.*-modules|^.*-kernel|^linux-backports-modules-
.*|^linux-modules-.*|^linux-tools|^linux-cloud-tools) regexp to find kernel packages
2019-02-16 10:34:56,294 DEBUG Using (^linux-image.*4.15.0-45-generic|^linux-headers.*4.15.0-45-generic|^linux-image-extra.*4.15.0-45-generic|^linux-modules.*4.15.0-45-generic|^linux-modules-extra.*4.15.0-45-generic|^linux-signed-image.*4
.15.0-45-generic|^kfreebsd-image.*4.15.0-45-generic|^kfreebsd-headers.*4.15.0-45-generic|^gnumach-image.*4.15.0-45-generic|4.15.0-45-generic.*-modules|4.15.0-45-generic.*-kernel|^linux-backports-modules-.*.*4.15.0-45-generic|^linux-modul
es-.*.*4.15.0-45-generic|^linux-tools.*4.15.0-45-generic|^linux-cloud-tools.*4.15.0-45-generic) regexp to find running kernel packages
2019-02-16 10:34:57,345 DEBUG pkgs that look like they should be upgraded:
2019-02-16 10:37:17,591 INFO Enabled logging to syslog via daemon facility
2019-02-16 10:37:17,592 INFO Initial blacklisted packages:
2019-02-16 10:37:17,593 INFO Initial whitelisted packages:
2019-02-16 10:37:17,593 INFO Starting unattended upgrades script
2019-02-16 10:37:17,593 INFO Allowed origins are: o=Ubuntu,a=bionic, o=Ubuntu,a=bionic-security, o=UbuntuESM,a=bionic
2019-02-16 10:37:17,836 DEBUG Using (^linux-image|^linux-headers|^linux-image-extra|^linux-modules|^linux-modules-extra|^linux-signed-image|^kfreebsd-image|^kfreebsd-headers|^gnumach-image|^.*-modules|^.*-kernel|^linux-backports-modules-
.*|^linux-modules-.*|^linux-tools|^linux-cloud-tools) regexp to find kernel packages
2019-02-16 10:37:17,840 DEBUG Using (^linux-image.*4.15.0-45-generic|^linux-headers.*4.15.0-45-generic|^linux-image-extra.*4.15.0-45-generic|^linux-modules.*4.15.0-45-generic|^linux-modules-extra.*4.15.0-45-generic|^linux-signed-image.*4
.15.0-45-generic|^kfreebsd-image.*4.15.0-45-generic|^kfreebsd-headers.*4.15.0-45-generic|^gnumach-image.*4.15.0-45-generic|4.15.0-45-generic.*-modules|4.15.0-45-generic.*-kernel|^linux-backports-modules-.*.*4.15.0-45-generic|^linux-modul
es-.*.*4.15.0-45-generic|^linux-tools.*4.15.0-45-generic|^linux-cloud-tools.*4.15.0-45-generic) regexp to find running kernel packages
2019-02-16 10:37:18,903 DEBUG pkgs that look like they should be upgraded:
2019-02-16 14:22:00,768 DEBUG fetch.run() result: 0
2019-02-16 14:22:00,769 DEBUG blacklist: []
2019-02-16 14:22:00,769 DEBUG whitelist: []
2019-02-16 14:22:00,771 INFO No packages found that can be upgraded unattended and no pending auto-removals

2019-02-16 10:37:18,903 DEBUG pkgs that look like they should be upgraded:

2019-02-16 14:22:00,768 DEBUG fetch.run() result: 0

This is a "manual run" but the issue is also present during automatic-updates:

 3541 ?        Ss     0:00 /bin/sh /usr/lib/apt/apt.systemd.daily update
 3546 ?        S      0:00  \_ /bin/sh /usr/lib/apt/apt.systemd.daily lock_is_held update
 4072 ?        Rl   158:20      \_ /usr/bin/python3 /usr/bin/unattended-upgrade --download-only

==UPDATE==

Today there are updates, but this is the result (top):

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
23271 root      20   0  269328 181084  49932 R 100.0  4.5   0:22.21 unattended-upgr

and still waiting here for hours with CPU at 100%…

# unattended-upgrade --dry-run --debug
Enabled logging to syslog via daemon facility
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=bionic, o=Ubuntu,a=bionic-security, o=UbuntuESM,a=bionic
Using (^linux-image|^linux-headers|^linux-image-extra|^linux-modules|^linux-modules-extra|^linux-signed-image|^kfreebsd-image|^kfreebsd-headers|^gnumach-image|^.*-modules|^.*-kernel|^linux-backports-modules-.*|^linux-modules-.*|^linux-tools|^linux-cloud-tools) regexp to find kernel packages
Using (^linux-image.*4.15.0-45-generic|^linux-headers.*4.15.0-45-generic|^linux-image-extra.*4.15.0-45-generic|^linux-modules.*4.15.0-45-generic|^linux-modules-extra.*4.15.0-45-generic|^linux-signed-image.*4.15.0-45-generic|^kfreebsd-image.*4.15.0-45-generic|^kfreebsd-headers.*4.15.0-45-generic|^gnumach-image.*4.15.0-45-generic|4.15.0-45-generic.*-modules|4.15.0-45-generic.*-kernel|^linux-backports-modules-.*.*4.15.0-45-generic|^linux-modules-.*.*4.15.0-45-generic|^linux-tools.*4.15.0-45-generic|^linux-cloud-tools.*4.15.0-45-generic) regexp to find running kernel packages
Checking: libnss-systemd ([<Origin component:'main' archive:'bionic-updates' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>, <Origin component:'main' archive:'bionic-security' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
Checking: libpam-systemd ([<Origin component:'main' archive:'bionic-updates' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>, <Origin component:'main' archive:'bionic-security' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
Checking: libpci3 ([<Origin component:'main' archive:'bionic-updates' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
adjusting candidate version: libpci3=1:3.5.2-1ubuntu1
Checking: libsystemd0 ([<Origin component:'main' archive:'bionic-updates' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>, <Origin component:'main' archive:'bionic-security' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
Checking: libudev1 ([<Origin component:'main' archive:'bionic-updates' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>, <Origin component:'main' archive:'bionic-security' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
Checking: pciutils ([<Origin component:'main' archive:'bionic-updates' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
adjusting candidate version: pciutils=1:3.5.2-1ubuntu1
Checking: systemd ([<Origin component:'main' archive:'bionic-updates' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>, <Origin component:'main' archive:'bionic-security' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
Checking: systemd-sysv ([<Origin component:'main' archive:'bionic-updates' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>, <Origin component:'main' archive:'bionic-security' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
Checking: udev ([<Origin component:'main' archive:'bionic-updates' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>, <Origin component:'main' archive:'bionic-security' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
pkgs that look like they should be upgraded: libnss-systemd
libpam-systemd
libsystemd0
libudev1
systemd
systemd-sysv
udev

I still think that Ubuntu is the worst Linux distribution…

[UPDATE]

I discovered the issue!
The problem only happens when I have many routing tables…
Inexplicable, but reproducible on all installations

Best Answer

Consider turning off unattended upgrades in APT. Disable it by doing a grep -R Unattended /etc/apt and looking for:

APT::Periodic::Unattended-Upgrade "1";

Then, change the 1 to a 0. You can try to restart the unattended-upgrade service, but sometimes it's actually faster to just reboot the whole machine.
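
Added example (not part of the original answer): `grep -R` lists every file that mentions the setting, but APT reads `apt.conf.d` in ascending alphanumeric order, lets a later assignment override an earlier one, and ignores files whose names have an extension other than `conf`. The sketch below reports which file actually wins, which matters because a value of 0 also stops automatic installs from `bionic-security`. The function name `effective_unattended` and the sample file names are constructed for illustration, and only the flat one-line form quoted above is parsed.

```shell
#!/bin/sh
# Added example: report the value of APT::Periodic::Unattended-Upgrade
# that wins in an apt.conf.d-style directory.
# Assumption: only the flat one-line form quoted in the answer is parsed.

# effective_unattended DIR -> prints "<value> <file>", or "unset -"
effective_unattended() {
    dir=$1
    result="unset -"
    # Glob expansion is sorted; APT reads the directory in ascending
    # alphanumeric order and a later assignment overrides an earlier one.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # APT skips names with other characters or a non-"conf" extension,
        # so a backup such as 20auto-upgrades.bak matches grep but has no effect.
        case $name in
            *[!A-Za-z0-9_.-]*) continue ;;
            *.conf) ;;
            *.*) continue ;;
        esac
        # Anchoring at line start skips lines commented out with // or #.
        val=$(sed -n 's|^[[:space:]]*APT::Periodic::Unattended-Upgrade[[:space:]]*"\([^"]*\)"[[:space:]]*;.*$|\1|p' "$f" | tail -n 1)
        if [ -n "$val" ]; then
            result="$val $f"
        fi
    done
    printf '%s\n' "$result"
}

# Constructed sample directory standing in for /etc/apt/apt.conf.d
demo_dir=$(mktemp -d)
printf 'APT::Periodic::Unattended-Upgrade "1";\n' > "$demo_dir/20auto-upgrades"
printf 'APT::Periodic::Unattended-Upgrade "0";\n' > "$demo_dir/20auto-upgrades.bak"
printf '// APT::Periodic::Unattended-Upgrade "1";\nAPT::Periodic::Unattended-Upgrade "0";\n' > "$demo_dir/99local"
effective_unattended "$demo_dir"
rm -rf "$demo_dir"
```

On a live system, `apt-config dump` prints the merged configuration that APT actually uses, including the main `apt.conf` file that this sketch does not read.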