Systemd Journald accessing wrong location - fails to open /run/log/journal file

I was playing with BPF tools today (from Brendan Gregg’s BPF Book) and ran the command sudo opensnoop-bpfcc -x -U and noticed many traces like this:

0     403    systemd-journal    -1   2 /run/log/journal/5c01742aed6d4d58bed5f1671e612657/system.journal

This is my main Lenovo p72 machine running Ubuntu 20.04 …

$ uname -a
Linux 5.4.0-39-generic #43-Ubuntu SMP Fri Jun 19 10:28:31 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

While looking into this I found that there is nothing in /run/log/journal:

$ ls -al /run/log/journal/
total 0
drwxr-sr-x+ 2 root systemd-journal 40 Jun 28 15:06 .
drwxr-xr-x  3 root root            60 Jun 28 15:06 ..

… and /run is indeed a temp filesystem:

$ cat /proc/mounts | grep run
tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=6554292k,mode=755 0 0

Why would journald try to access a file in a location that just doesn’t exist, on a temp filesystem mount? Is something configured wrong? Even when I edit /etc/systemd/journald.conf and change the config to Storage=parsistent, journald still tries to access /run/log. The only correct location is /var/log/journal/ where the path exists on my system, and it does write stuff to that location. This also happens to a second machine running the same OS listed below.

update 2020-07-24 11:44:27

> grep -v '#' /etc/rsyslog.d/50-default.conf | sed '/^$/d'
auth,authpriv.*         /var/log/auth.log
*.*;auth,authpriv.none      -/var/log/syslog
kern.*              -/var/log/kern.log
mail.*              -/var/log/mail.log
mail.err            /var/log/mail.err
*.emerg             :omusrmsg:*