This just happened on the server here which caused my host to turn off the system. I logged in and fail2ban-server was eating up CPU cycles and not doing any work. The underlying problem appeared to be related to log files (/var/log/auth.log) being too big and being read/written too frequently. The solution on Ubuntu was to fix logrotate for this file. First find the entry for auth.log
$ grep -r "auth.log" /etc/logrotate.d
/etc/logrotate.d/rsyslog:/var/log/auth.log {
And fix it so it looks like this, and restart logrotate.
/var/log/auth.log {
missingok
daily
notifempty
compress
rotate 7
size 10M
}
It should keep the size small and rotate it more frequently. Out of the box it was set to rotate weekly.