How can I force a crash report in OSX?

Question

My MacBook Pro regularly gets into a state where a very lightly loaded system starts processing very slowly: mouse clicks and button presses take a few minutes to process and a couple of useful things can be done in the space of a couple of hours if I'm attentive. Note that this happens without fans or any other signal that its running close to its operating limits.

Regardless this is undesirable. MacOS does not seem to recognize this state as a fault or failure, so I need to manually power off, and hence I don't get the "your system was restarted..." message with a crash report on boot (no bugs to be had in MacOS of course).

I have XCode installed (linux developer making due on MacOS).

How do I force MacOS to dump the state of the running processes and reboot?

Answer 1

Activity Monitor

If you just want a live view of system activity, keep Activity Monitor open and change its Dock icon to CPU to see if cores are busy. You may of course open it and see what is hogging the memory/ disk/ CPU.

You can either enable memory column in CPU tab, or CPU column in memory tab to keep a tab :) on processes.

Last time I had such a slowdown, it was spotlight processes consuming massive memory. I killed it.

Instruments.app

It is bundled with Xcode app which you say you have. It has an instrument called Activity Monitor which will store the information of all processes, network, disk speed for as long as it is run. Activity Monitor app will not store anything.

• https://web.archive.org/web/20200620073428/https://help.apple.com/instruments/mac/current/#/devc63117d3
• https://en.wikipedia.org/wiki/Instruments_(software)#References

Safe Mode or new user account

Not a logging method, but can help isolate issues with kernel extensions, buggy apps or anything else.

• https://support.apple.com/en-us/HT201262#issue

Answer 2

One thing to consider is if your employer issued you the MacBook Pro they are very likely actively managing the device. System Preferences -> Profiles does not normally exist on a retail Mac. If you see that, look for an MDM Profile, that would mean your Mac is being managed by your employer. Then you can take a look at running processes that might be scanning the disk, phoning home to a server management console on-prem or in the Cloud even if you are not on VPN.

Some companies might deploy several security endpoints and it's a real bummer as they can certainly affect system performance. In some cases quite a bit of an impact, especially the ones with kernel extensions or ones that scan the drive. Such as Symantec or Carbon Black endpoints. There's also Tanium and Crowdstrike, etc., etc., etc.

You can take a look at the following paths to see what's loading daemons and background services via launchd (like systemd in Linux).

/Library/LaunchDaemons 
/Library/LaunchAgents
~/Library/LaunchAgents
/Library/Extensions (kernel extensions)

If you find the culprit is indeed a security tool you should report that to your IT department so they can escalate with the vendor and fix the problem. It should not be impacting the device like that. I've seen that sort of thing in enterprise environments quite a bit and not just on Macs.

The worst offenders are the ones that run disk scans updating binary signatures or scanning for viruses. Typically, when the application is updated it will run a full scan which can really work a computer pretty hard. Eventually, it should finish the scan and performance should improve. But if it is interrupted it may start over or continue scanning some time later on. The IT department may be running scans more aggressively than perhaps they should.

Just something to consider as I see it all the time and with all the security threats online, every companies IT security department has been ramping up their tooling. Especially since COVID-19 and work at home.

Answer 3

I would use the following to dump and restart.

sudo sysdiagnose && sudo shutdown -r now