A disk so full, it couldn't be restored

The author might have had better luck by using an external storage device to boot the Mac and delete unneeded files on the internal disk from there:

Use an external storage device as a Mac startup disk https://support.apple.com/en-us/111336

Was surprised to learn that with Apple silicon-based Macs, not all ports are equal when it comes to external booting:

If you're using a Mac computer with Apple silicon, your Mac has one or more USB or Thunderbolt ports that have a type USB-C connector. While you're installing macOS on your storage device, it matters which of these ports you use. After installation is complete, you can connect your storage device to any of them.

* Mac laptop computer: Use any USB-C port except the leftmost USB-C port when facing the ports on the left side of the Mac.

* iMac: Use any USB-C port except the rightmost USB-C port when facing the back of the Mac.

* Mac mini: Use any USB-C port except the leftmost USB-C port when facing the back of the Mac.

* Mac Studio: Use any USB-C port except the rightmost USB-C port when facing the back of the Mac.

* Mac Pro with desktop enclosure: Use any USB-C port except the one on the top of the Mac that is farthest from the power button.

* Mac Pro with rack enclosure: Use any USB-C port except the one on the front of the Mac that's closest to the power button.

It seems like Time Machine has been steadily declining. I'm not sure why there is no impetus to get it reliable and functioning well. Between sparse bundles becoming corrupt and having to start a new backup and failing functionality I haven't felt like Time Machine is worth setting up anymore. This is in stark contrast to the iOS/iPadOS backups which have worked every time.

Time Machine has been consistently unreliable the entirety of the time since it launched well over a decade ago. It should be common knowledge that it sucks.

Use Backblaze if you don’t care about privacy, rsync+ssh to a selfhosted zfs box if you do.

Windows with NTFS will also break in mysterious ways when the system disk is full.

There was a time when OSs could deal with the system disk being full quite well. And not so long ago.

I ran into an issue like this in my first ever job! I accidentally filled up a cluster with junk files and the sysadmin started sending me emails saying I needed to fix it ASAP but rm wouldn’t work. He taught me that file truncation usually works when deletion doesn’t, so you can usually do “cat /dev/null > foo” when “rm foo” doesn’t work.

My best guess at what happened (based on a little knowledge of HFS+ disk structures, but not APFS) is that the journal file also filled up, and since deletion requires writing to it and possibly expanding it, you get into the unusual situation where deletion requires, at least temporarily, more space.

macOS continued to write files until there was just 41K free on the drive.

I've (accidentally) ran both NTFS and FAT32 to 0 bytes free, and it was always possible to delete something even in that situation.

Digging around in forums, I found that Sonoma has broken the SMB/Samba-based networking mount procedure for Time Machine restores, and no one had found a solution. This appears to still be the case in 14.4.

In my experience SMB became unreliable and just unacceptably buggy many years ago, starting around the 10.12-10.13 timeframe; and now it looks like Apple doesn't care about whether it works at all anymore.

I hate to think what people without decades of Mac experience do when confronted with systemic, cascading failures like this when I felt helpless despite what I thought I knew and all the answers I searched for and found on forums.

I don't have "decades of Mac experience", but the first thing I'd try is a fsck --- odd not to see that mentioned here.

If I were asked to recover from this situation, and couldn't just copy the necessary contents of the disk to another one before formatting it and then copying back, I'd get the APFS documentation (https://developer.apple.com/support/downloads/Apple-File-Sys...) and figure out what to edit (with dd and a hex editor) to get some free space.

Maybe flamebait, but here is my honest opinion, which I believe is aligned with the hacker ethos: maybe if you were using an open-source operating system you could, with a little experience, write a simple tool that deletes a couple files without allocating new metadata. (Or more likely, somebody else would have been there before you and you could just use their tool.)

Oh! What I would do is take the disk out, mount it on another machine and delete files then put it back........ /s

I think the whole stack of operating systems and tools that assume that this is possible get in trouble when it's not possible. I don't want my computer to become a locked down sandbox but it seems like this is where we are headed.

They mentioned that the problem occurred while steam was downloading, I wonder if because steam is ultra cross platform with bare minimum OS specific UI it is using something quite low level to write data to disk? Maybe NSFile does some checks that posix calls can’t do while remaining compliant with the spec or something weird like that. That would explain why people using various low level ´pro level’ cross platform tools like databases would have issues but typical garage band user is usually ok. If you’re doing database writes you probably don’t want the overhead of these checks making your file system performance look bad so it’s left to the software to check that it’s not going to fill up the file system. Stab in the dark hypothesis. I would hope that however we are writing data to the file system it shouldn’t be able to lock it up like this. I’d be curious for someone with technical knowledge of this to chime in.

I had this issue in October 2018 as documented in this Stack Overflow question, whose text I’ll paste below.

I was lucky: I had an additional APFS partition that I could remove, thus freeing up disk space. Took me a while to figure out, during which time I was in a proper panic.

---

https://apple.stackexchange.com/questions/338721/disk-full-t...

I’m in a pickle here. macOS Mojave, just updated the other day. I managed to fill my disk up while creating a .dmg, and the system froze. I rebooted. Kernel panic.

Boot to Recovery mode. Mount the disk. Open Terminal.

–bash–3.2# rm /path/to/large/file

rm: /path/to/large/file: No space left on device

Essentially the same issue as this Unix thread from ‘08! https://www.unix.com/linux/69889-unable-remove-file-using-rm...

I’ve tried echo x > /path/to/large/file, no good.

It’s borked. Does anyone have any suggestions that aren’t “wipe the drive and restore from your backup”?

I had this happen to me, though I can’t recall how I fixed it.

In general I’ve had good success with Time Machine. I, too, have lost TM volumes. I just erased them and started again. Annoying to be sure but 99.99% of the time don’t need a years worth of backups.

The author mentioned copying the Time Machine drive. I have never been able to successfully do that. Last time I tried I quit after 3 days. As I understand it, only Finder can copy a Time Machine drive. Terrible experience.

That said, I’d rather cope with TM. It’s saved me more than it’s hurt me, and even an idiot like me can get it to work.

I did have my machine just complain about one of my partitions being irreparable, but it mounted read only so I was able to copy it, and am currently copying it back.

I don’t know if this is random bit rot, or if something is going wrong with the drive. That would be Bad, it’s a 3TB spinning drive. Backed up with BackBlaze (knock on wood), but I’d rather not have to go through the recovery process if I could avoid it.

Problem is I don’t know how to prevent it. It’s been suggested that SSDs are potentially less susceptible to bit rot, so maybe switching to one of those is a wise plan. But I don’t know.

By contrast, ZFS has "slop space" to avoid this very problem (wedging the filesystem by running out of space during a large operation). By default it reserves 3.2% of your volume's space for this, up to 128GB.

So by adjusting the Linux kernel tunable "spa_slop_shift" to shrink the slop space, you can regain up to 128GB of bonus space to successfully complete your file deletion operations:

https://openzfs.github.io/openzfs-docs/Performance%20and%20T...

Impressive. I've never dealt with a situation where even `rm` failed, but I have had the displeasure of using and managing modern Macs with 256 GB (or less) of internal storage. I like to keep a "spaceholder" file of around 16GB so when things inevitably fill up and prevent an update or something else, I can nuke the placeholder without having to surgically prune things with `ncdu`

btrfs used to have this issue, the problem being that the filesystem has to append metadata to do any operation including (ironically) deletion: https://serverfault.com/a/478742.

AFAIK it's fixed now, because btrfs reserves some space and reports "disk full" before it's reached. macOS probably does the same (I'd hope), but it seems in this case the boundary wasn't enforced properly and the background snapshot caused it to write beyond.

What would the reasoning be for the file system failing this hard? Filling a partition to 99.999999% capacity always produces a nonsensical situation, but it's usually still recoverable without resorting to DBANing it first.

If you can truncate() an existing file (via 'echo > big_file.img' or similar), I would hope the filesystem could deallocate the relevant extents without requiring more space. Seems a bit like a filesystem defect not to reserve enough space to recover from this condition with unlink().

Sounds like there was no room to write to the journal (journaling is enabled by default on HFS+). Disabling the journaling for that volume (which it doesn’t appear you tried?) will have likely allowed you to perform your deletes.

diskutil disableJournal “/Volumes/Macintosh HD” (or whatever volume is)

I had an external hard drive that I overfilled by accident while making a manual backup of media files, and after that I couldn't even mount the APFS volume. Apparently it's something that can happen.

In the end I was able to mount and rescue the data using https://github.com/libyal/libfsapfs

I followed this guide: https://matt.sh/apfs-object-map-free-recovery

I found that Sonoma has broken...

All too familiar. I have two Macs. I upgraded one of them to Sonoma and ever since then it has been nothing but headache and disappointment. Starting from the upgrade having failed (meaning I had to completely wipe the disk and install Sonoma from scratch, luckily I still had data), to problems with Handoff, the firewall seems to not work, Excel very slow etc etc.

I don't recommend using Sonoma.

Safe Boot is your magical way to have the computer delete purgeable and temporary files, like boot caches. Hold shift down and once it gets to the login window, restart again.

Otherwise, go to Recovery mode, mount the disk in Disk Utility, and then open Terminal and rm some shit.

I ran into a similar situation not long ago on the system partition of a linux installation. The partition was too small to begin with and as new updates piled up there was almost no space left to start deleting stuff. It took me about half an hour to find a subdirectory with a tiny bit of stuff that could be deleted. It was like being in a room so plugged up with junk that you couldn't open the (inward swinging) door to let yourself out.

From the tiny beginning I started being able to delete bigger and bigger spaces until finally it was clear and then of course I resized the partition so that wouldn't happen again. The End.

I’m most surprised that Steam has apparently done this. It never lets me install anything unless I have the space, and it blocks off the space proactively.

I've had a similar experience on my iPhone. The disk became so full that deleting things was seemingly no longer actually doing anything. Rebooting, the phone couldn't be logged into. Rebooting again, it boot-looped. Rebooting once more, it booted into an inconsistent state where app icons still existed on the home screen, but the actual app was missing, so the icon was blank and the app could not be launched. I became concerned about data integrity and ultimately restored from a backup.

I am certain this was a result of APFS being copy-on-write and supporting snapshotting. If no change is immediately permanent, but instead old versions of files stay around in a snapshot, then if you don't have enough space for more snapshot metadata you're in trouble. Maybe they skip the snapshot in low disk space situations, but they still have the copy-on-write metadata problem.

The elephant in the room is that it was too expensive to buy a Macbook with more storage for a child, and now it's impossible to upgrade. I usually just replace an SSD if I run over 50% utilization.

I wonder if emptying some large-ish file via `:>file` would help.

A lot of hate in the comments here for Time Machine. Maybe some of that is justified, but I will say that I've been using Macs professionally since 2012 and while I do use other backup services also, there has never been a competing solution that allows the simplified versioning capabilities and performance of a Time Machine backup. On every single one of my Macs I keep a USB3/USB4 SSD connected just for Time Machine as a target, because it's so useful compared to things like Code42, BackBlaze, Carbonite, SpiderOak, et al.

It seems odd that he acknowledges the existence of Time Machine local snapshots but doesn't mention deleting the local snapshots manually. Using `tmutil listlocalsnapshots` and `tmutil deletelocalsnapshots` will actually free up space. I had this experience recently when my local storage was at 99% and simple `rm` wasn't freeing up any space. Once I deleted the local snapshot, 100s of GB were freed.

As a side node, Time Machine has been pretty garbage lately. I back up to a local Synology NAS and letting it run automatically will just spin with `connecting to backup disk` (or some such message), but running manually works just fine.

I know someone who ran out of disk space on her iPhone and then tried to fix some issues she didn't realize were being caused by it by upgrading the device to a new version of iOS; but then it failed the upgrade as it couldn't resize the disk but had already committed to doing such (I later laboriously figured this out by debugging the process using idevicerestore). I feel like this was a bug in its "how much space will I need to have to install successfully, let's verify I have enough before I begin" calculation, and maybe later versions of iOS have fixed the issue, but sadly they are all even larger and the fixed version would just prevent it from trying to upgrade in the first place, not fix it once it got to this point.

The sheer number of people who have ran into this is a bit mind boggling.

Clearly Apple knows about this, they make no effort to fix it?

i was testing low disk space like situation on a Mac Mini used as small home network storage/server, maybe ~ 1o years ago (running maybe Yosemite at the time or something similar) out of curiosity - so Intel mac and pre-APFS system

not sure it this was OS or filesystem feature, but it refused to allocate literally anything if free space reached ~ 100-500MB on system partition so it was being kept _always_ usable, even logging was denied IIRC

Be careful with iPhones/iOS too. Ignoring „not enough space” warnings will eventually put it into a boot loop.

There are threads on Reddit about this.

For me, flashing it through Finder with the official firmware was the only option. I lost some photos, the rest I was able to restore from iCloud backup.

Reminds me of when a customer's database kept crashing with an error code indicating the disk was full. Except Windows Explorer showed the disk having hundreds of gigs free...

Took us a little while to figure out that the problem was the database file was so fragmented NTFS couldn't store more fragments for the file[1].

What had happened was they had been running the database in a VM with very low disk space for a long time, several times actually running out of space, before increasing the virtual disk and resizing the partition to match. Hence all the now-available disk space.

Just copying the main database file and deleting the old solved it.

[1]: https://superuser.com/questions/1315108/ntfs-limitations-max...

I maxed out the inodes on a partition once. That was a head scratcher trying to figure out what was wrong. It was then I learned about the importance of block sizes when formatting a drive.

In the shell you can truncate files to zero size with a redirection:

  $ > large-file

this happened to me last Monday. it took over 2 days to recover.

it gobsmacked me that I needed space on a filesystem to make space on a filesystem.

Depending on how dedicated one was, it might work to dd the full contents of the affected disk to a larger one. Then expand the partition, expand the filesystem, and assuming everything is hunky dory, free up some space and reverse all those steps.

Reminds me of the time I worked at Apple support and got a phone call where a guy had wiped his system drive like 10x+ because he didnt want to lose his data but had run out of inodes so literally nothing was able to create or do anything, and his entire OS was shitting the bed.

I showed him how he could type rm -rf and then paste the files in the terminal and it took him a good 15 minutes for him to get it all organized but once he did he literally cried because I got his computer back.

Those days were pretty brutal, but there were shining moments.

In the old days (2003) I put a web app live with debug level of logging turned on. It filled the disk up so much the Sys Admin had to get a bus to the data centre to reboot the server (Sun e450 from memory) hands on at the keyboard.

My wife's IPhone 12 Pro Max had the same problem.

She somehow managed to fill up the entire 512GB. Updates were unsuccessful, she couldn't make calls and wasn't able to delete anything to make room.

She couldn't even back up her phone through iTunes, the only option was to purchase an iCloud subscription and back up to the cloud in order to access her photos.

Huh, something like this happened to my mother's iPhone, too. She kept taking photos until the storage was filled to the brim.

One day she had discharged the battery completely, shutting down the phone; after recharging, she tried to restart it, only to be sent into a boot-loop. There is no (official) way to resolve this except repeatedly reboot and hope that at least once, Springboard loads and you can immediately jump into Photos and start mass-deleting, or at least connect to a computer and transfer the media out of the phone.

I wonder if truncate would have worked.

This happened to me too, without Time Machine. It’s devastating how rm on macOS can’t remove files when the disk is full.

Probably needed to delete some of the mentioned disk snapshots, before trying to delete files.

https://support.apple.com/en-gb/guide/disk-utility/dskuf8235...

APFS is really sensitive to this situation, more than other file systems. I don’t remember how I managed to resolve this situation, but it involved booting into the single user mode and some magic not accessible to a regular Mac user.

I had a similar situation happen with running multiple virtual machines where their storage was a .vdi file - the files grew too big and maxed out my storage. On next boot ubuntu would not start, same error telling me disk is too full.

I had a recent backup so i just reinstalled everything. I always make sure there is some space on the disks from that moment on.

macOS outstripped its ability to throttle filling storage

Does it actually do that? I.e. stop the user from writing new data when storage space is extremely low?

When `rm file` gives you "No space left on device", a trick you can do:

    echo > file  # delete content of file first
    rm file  # now it should work

You have to wonder why in this age a trillion dollar computer company that helped usher the PC revolution would allow their systems to become crippled by a full storage device, especially when these devices are applied as indispensable tools for everyday life.

I'm begging the question:

In the 70s / 80s there was consumer tort litigation for all kinds of "misrepresentation", which was fair, because there was a huge and growing business of dark patterns of false claims, faulty products, and schemes for exploitation of unwitting and/or oppressing customers.

But it also became absurd, like class action suits against RCA for selling TVs with 25" inch screens where the picture only measured 24.5 inches due to the cabinet facia overlapping the edge of the tube or the raster not reaching all the way to the edge, etc.

Tort reform became a hot-button political issue because an enormous subsector of "consumer-rights" legal practice developed to milk payouts under consumer law. You still see this today for "personal injury."

So Apple has trillions in pockets and all their kit is sold with capacity specs.

Well, customers has better be able to get access to all that capacity, even if it kills their device.

I'm wondering if it's not a bug but a legal calculus, a la intro to Fight Club where Ed Norton is reviewing the share value implications of Ford paying off claims for Pintos that explode when rear-ended versus the cost of a recall?

Ran into precisely this problem with a friend's Ventura Mini last year.

The solution was to boot into recovery and mount the Data partition using Disk Utility.

I don't recall where the Data partition gets mounted but I think it is:

"/System/Volumes/Macintosh HD - Data"

Or just Data, since Sonoma. It will be clear from Disk Utility.

Then close Disk Utility and go into Terminal and run rm on a big unseeded file.

You can find one using:

find <data-mnt> -size +100m

Using rm will fail.

Unmount the Data partition and run fsck on it.

This completes the deletion.

From there enough more space can be freed in recovery to have a healthy buffer, then reboot normally and finish cleaning.

It seems that when the volume gets so full that rm doesn't work anymore the filesystem also gets corrupted.

HTH and that I didn't forget anything.

Fun times old android phones had the same bug.

I had a similar issue with a PostgreSQL database - we were running an application that performed simulations and on that day we tried one that was an order of magnitude larger than the previously largest ones.

Suddenly queries started failing, so I investigated and even managed to remove some files on the affected volume, but it wasn't enough. Eventually, as the volume's storage class did not allow for expansion, I reached out to the support team to move the data to a larger one.

This is a serious failure of the backup mechanism not being able to restore from a backup, and a serious failure of the operating system, not being able to delete files in a mounted external disk.

Luckily, all important files were in the cloud, and you could write a blog post describing these monumental failures.

> ... Samba (the disk-sharing protocol), ...

Pet peeve (or alternatively: correct me if I'm wrong), Samba is not a protocol. It's a software suite that implements the SMB (Server Message Block) protocol

they had filled macOS’s startup volume storage so full that the operating system was incapable of deleting files

Yeah, this has happened to me too. It became a lot more of an issue when my disk was (forcefully, non-consensually) converted to "APFS" which, along with breaking both alternative operating systems I had installed, also seemed to have a much greater chance of entirely bricking once I ran out of space.

I was consistently able to repair it by running a disk check in recovery mode, then deleting the files from the recovery terminal, however that is only accessible by a reboot, which by its very nature, necessarily loses all work that I had open, as it's impossible to save.

I never had this issue with HFS+. Everyone who says it can technically lock up is missing the fact that in practice it was still far more resilient than the newer and supposedly "better" APFS.

People find it a confusing idea to grasp that deleting things actually requires more space, either temporarily or permanently. Other comments here have gone into the details of why some modern filesystems with snapshotting and journalling and so forth actually end up needing to allocate from free space in order to delete stuff.

In a different field: In the early decade of Wikipedia it often had to be explained to people that (at least from roughly 2004 onwards) deleting pages with the intention of saving space on the Wikipedia servers actually did the opposite, since deletion added records to the underlying database.

Related situations:

* In Rahul Dhesi's ZOO archive file format, deleting an archive entry just sets a flag on the entry's header record. ZOO also did VMS-like file versioning, where adding a new version of a file to an archive did not overwrite the old one.

* Back in the days of MS/DR/PC-DOS and FAT, with (sometimes) add-on undeletion utilities installed, deleting a file would need more space to store a new entry into the database that held the restore information for the undeletion utility.

* Back in the days of MS/DR/PC-DOS and FAT, some of the old disc compression utilities compressed metadata as well, leading to (rare but possible) situations where metadata changes could affect compressibility and actually increase the (from the outside point of view) volume size.

"I delete XYZ in order to free space." is a pervasive concept, but it isn't strictly a correct one.

This happened to me! My solution was to go to an apple store, buy one of their portable SSDs right there, cp everything on to the SSD (that didn't appear to use any additional space!), wipe the mac, and then rm some unneeded stuff on the ssd before cp-ing back and using their no-fee return to return the SSD. There were a few esoteric issues, but for the most part it worked.

Terminal: While Terminal would launch, using the standard Unix rm command resulted in a similar error: “No space left on device.”

This looks like a huge bug, and the elephant in the room.

What's the reason for `rm` requiring space left on the device?

A viable solution would be to clone all data onto a bigger drive, then delete some files, wipe the disk, and finally copy everything back.