iosnoop no longer works on OS X 10.11 El Capitan

[Note: This all started because some process – I'm still not sure which – is chewing on my hard drive for minutes at a time. This behavior started when I updated to OS X 10.11.1. Given the duration, it seems unlikely to be a simple re-indexing by mdsworkers.]

I recently tried using iosnoop to find out which processes were chewing on my Fusion drive with enough vigor to make the hard drive audible. Instead of a running log of events, I got this:

That's not right.

I filed a radar with Apple. (TODO: Create a corresponding Open Radar entry.) The response was unsatisfying, as it effectively means iosnoop is no longer usable:

This issue behaves as intended based on the following: Some significant portions of dtrace are not compatible with System Integrity Protection. Unfortunately, the iosnoop script contains probes that are not compatible, and thus cannot run.

The iosnoop(1m) man page says nothing about this. At the least this is a documentation failure on Apple's part.


Twitter turned up a workaround/solution:

@sevanjaniyan To reenable dtrace reboot to recovery, open terminal. csrutil disable; csrutil enable --without dtrace

Unfortunately this isn't working on my late 2009 iMac. As I understand it the problem is that, when I installed an SSD and configured a Fusion Drive last year, I didn't put the recovery HD outside the fusion drive. So I have some storage reconfiguration to do.