We are having some trouble getting log stream to output events in real time from coreaudiod while we are in a zoom call or listening to audio.
Repro steps:
- Open a Terminal window and execute
log stream --predicate "process=='coreaudiod' " - Create a zoom call, join it, stay for 10 seconds, leave the meeting
- Expected: audio events should show in log stream Terminal window
- Actual: no audio event shows
- Also, if after this test I execute
log show --last 5m "process=='coreaudiod' "the events are showing; that is proof that coreaudiod actually emitted those events;
Does anybody have any idea what could cause this?
This happens on Sonoma 14.2.1, on an MBP M2 Max with 64GB memory.
What we have looked at already:
- actually log stream does not show events from a lot of other procs on the machine; executing
log stream --timeout 10s --style json | jq .[] | jq ."processImagePath" | sort | uniq -ic | sort --reverseyields only 3 sources (counts in the first column):
205 "/kernel"
10 "/System/Library/CoreServices/ManagedClient.app/Contents/MacOS/ManagedClient"
2 "/usr/libexec/mdmclient"
-
on identical machines running the same command we get a lot more source procs
-
the 2 ManagedClient and MDMdaemon sources are owned by the Jumpcloud agent that is a login item
-
when looking at logs for diagnosticd around the time we start the log stream we are seeing denials for writing to the diagnosticd filter plist file although diagnosticd is entitled to do that (given the sb file):
2024-01-29 09:15:31.820086-0800 0x116a8a0 Default 0x0 85745 0 log: (libxpc.dylib) [com.apple.xpc:connection] [0x6000012b8000] activating connection: mach=true listener=false peer=false name=com.apple.diagnosticd
2024-01-29 09:15:31.820162-0800 0x116a8a0 Default 0x0 85745 0 log: (LoggingSupport) Sending stream request to diagnosticd
2024-01-29 09:15:31.820429-0800 0x116a3cd Default 0x0 703 0 diagnosticd: [com.apple.diagnosticd:] allowing log (85745) access to stream due to admin status
2024-01-29 09:15:31.820912-0800 0x116a3cd Default 0x0 703 0 diagnosticd: [com.apple.diagnosticd:] Posting stream filter: "{
category = {
MDMDaemon = 34360197120;
};
global = 34360197120;
process = {
coreaudiod = 34360197120;
};
subsystem = {
"com.apple.ManagedClient" = 34360197121;
};
}"
2024-01-29 09:15:31.820993-0800 0x116a3cd Error 0x0 0 0 kernel: (Sandbox) System Policy: diagnosticd(703) deny(1) file-write-create /Library/Preferences/Logging/com.apple.diagnosticd.filter.mBDzTBuj
2024-01-29 09:15:31.821569-0800 0x116a3cd Error 0x0 0 0 kernel: (Sandbox) System Policy: diagnosticd(703) deny(1) file-write-unlink /Library/Preferences/Logging/com.apple.diagnosticd.filter.plist
2024-01-29 09:15:31.821598-0800 0x116a3cd Default 0x0 703 0 diagnosticd: [com.apple.diagnosticd:] System mode client started - log (85745) - mode: 0x8, filter: "{
process = {
coreaudiod = 0;
};
}"
- I am not sure whether not being able to write to the filter file makes diagnosticd not send the coreaudiod events to the log stream client but we made sure that filter file is not locked or used by another process (lsof yields no proc using that, chflags does not show it as locked)