cr0x.net — Hard Problems. Clean Solutions.
English

Debian 13: TRIM Isn’t Running — Enable the fstrim Timer and Verify It Works

January 20, 2026 • February 3, 2026 • Read: 24 min • Views: 9

Was this helpful?

You installed Debian 13, moved to SSDs (or NVMe), and expected the system to quietly keep itself tidy. Then performance gets a little “sticky,” disk wear numbers look worse than you’d like, or you notice fstrim never ran. Classic.

TRIM is one of those maintenance jobs you only miss when it’s missing—like backups, until they’re needed and aren’t there. Let’s make Debian 13 run TRIM on schedule, prove it’s actually doing something, and troubleshoot the common traps where the command succeeds but the storage stack drops the request on the floor.

What TRIM is (and what it isn’t)

TRIM is the operating system telling solid-state storage which blocks no longer contain useful data. That sounds mundane until you remember how SSDs work: flash memory can’t overwrite in place; it writes new pages elsewhere and later erases old blocks in larger chunks. If the drive doesn’t know a block is dead, it may keep it around as “maybe still in use,” which increases write amplification, reduces sustained write performance, and can increase wear.

On Linux, you’ll run into TRIM via two mechanisms:

  • Periodic TRIM: fstrim walks mounted filesystems and issues discard operations for free space. Debian typically schedules this weekly via a systemd timer.
  • Continuous discard: mount option discard (or filesystem-specific variants) issues discards as blocks are freed.

Use periodic TRIM unless you have a strong reason not to. Continuous discard can work fine, but it can also add latency in write-heavy workloads and it tends to complicate performance debugging. Periodic TRIM is boring. Boring is good.

TRIM is also not a magic “make my SSD fast” button. If your bottleneck is random reads at queue depth 1, TRIM won’t rescue you. If your problem is the VM host lying about discard support, TRIM won’t fix your career either.

One quote worth keeping in your mental runbook: Werner Vogels (Amazon CTO) said, “Everything fails, all the time.” (paraphrased idea). Storage is included. Assume it will fail—then verify.

Interesting facts and context (for people who like knowing why)

  • Fact 1: The SATA TRIM command was introduced as part of ATA standards around the time SSDs became mainstream; before that, drives had to guess what data was stale.
  • Fact 2: On NVMe, the equivalent is called Dataset Management / Deallocate, but Linux still treats it under the “discard” umbrella.
  • Fact 3: Early SSDs sometimes got TRIM wrong. Some firmware versions handled discards poorly enough that admins disabled it across fleets for years out of pure self-defense.
  • Fact 4: Filesystems don’t “need” TRIM to function. They need it to keep SSD garbage collection from becoming a silent performance tax.
  • Fact 5: Most modern Linux distros shifted from always-on discard to scheduled fstrim because it’s easier to reason about and often faster overall.
  • Fact 6: Thin-provisioned storage (LVM thin, virtual disks, SAN LUNs) can reclaim capacity upstream with discard—if every layer cooperates. One layer says “no,” and you keep paying for blocks you deleted months ago.
  • Fact 7: dm-crypt historically defaulted to not passing discards because discards can leak information about which blocks are in use. You can opt in.
  • Fact 8: Many RAID controllers and some device-mapper stacks used to drop discard requests entirely. Modern kernels are better, but “better” is not “guaranteed.”

Joke #1: TRIM is like cleaning your desk—nobody notices when you do it, but everyone notices when you don’t.

Fast diagnosis playbook (check these first)

If TRIM “isn’t running,” you’re really debugging one of three things: scheduling, permission/units, or discard support through the storage stack. Don’t boil the ocean. Check in this order:

1) Is the timer enabled and firing?

  • Check fstrim.timer is enabled and has a next run time.
  • Check when it last ran and whether it succeeded.

2) Does fstrim -av work manually?

  • If manual trim fails: it’s not scheduling. It’s support, mount options, or device stack.
  • If manual trim works but timer doesn’t: it’s systemd unit state, masking, or clock/timer issues.

3) Does the block device advertise discard support?

  • Use lsblk -D (discard granularity/max bytes) and blkdiscard sanity checks.
  • For LUKS/LVM/RAID/VMs, validate each layer passes discards.

4) Are you trimming the right thing?

  • fstrim trims mounted filesystems only. If your important mount isn’t mounted at timer time (rare, but happens), it won’t be trimmed.
  • Some filesystems or mount options may disable discard entirely.

Practical tasks: commands, expected output, and what you decide

This is the meat. Each task includes: a command, what the output means, and the decision you make next. Run these as root or with sudo as indicated.

Task 1: Confirm Debian sees your drives as discard-capable

cr0x@server:~$ lsblk -D -o NAME,MODEL,ROTA,DISC-GRAN,DISC-MAX,DISC-ZERO
NAME        MODEL               ROTA DISC-GRAN DISC-MAX DISC-ZERO
nvme0n1     Samsung SSD 980      0      4K       2T         0
sda         ST1000DM010-2EP1     1      0B       0B         0

Meaning: DISC-GRAN and DISC-MAX being non-zero indicates the device claims discard support. Rotational disks (ROTA=1) typically show 0B because TRIM is for SSD-like media.

Decision: If your SSD/NVMe shows 0B/0B, stop blaming systemd. You likely have a layer blocking discard (dm-crypt, RAID, VM virtual disk type) or a device that truly doesn’t support it.

Task 2: Check the fstrim timer status

cr0x@server:~$ systemctl status fstrim.timer
● fstrim.timer - Discard unused blocks once a week
     Loaded: loaded (/usr/lib/systemd/system/fstrim.timer; enabled; preset: enabled)
     Active: active (waiting) since Mon 2025-12-29 09:10:12 UTC; 3h ago
    Trigger: Sun 2026-01-04 00:24:31 UTC; 4 days left
   Triggers: ● fstrim.service

Meaning: Enabled + active (waiting) with a future trigger time is what you want. If it says disabled, inactive, masked, or has no trigger, it won’t run.

Decision: If disabled, enable it. If active but never fires, inspect timers and logs (next tasks).

Task 3: List timers and verify fstrim is scheduled

cr0x@server:~$ systemctl list-timers --all | grep -E 'fstrim|NEXT|LAST'
Sun 2026-01-04 00:24:31 UTC  4 days left Sun 2025-12-28 00:22:09 UTC  1 day ago  fstrim.timer  fstrim.service

Meaning: You get a NEXT and LAST run time. If LAST is “n/a”, it never ran. If NEXT is “n/a”, it won’t run.

Decision: If it never ran, run it manually and read logs. If it ran but trimmed 0 bytes forever, you might still have an upstream layer ignoring discards—or you simply have little free space to trim.

Task 4: See whether the service was invoked and what it did

cr0x@server:~$ systemctl status fstrim.service
● fstrim.service - Discard unused blocks on filesystems from /etc/fstab
     Loaded: loaded (/usr/lib/systemd/system/fstrim.service; static)
     Active: inactive (dead) since Sun 2025-12-28 00:22:12 UTC; 1 day ago
TriggeredBy: ● fstrim.timer
       Docs: man:fstrim(8)
    Process: 2021 ExecStart=/sbin/fstrim --fstab --verbose --quiet (code=exited, status=0/SUCCESS)
   Main PID: 2021 (code=exited, status=0/SUCCESS)

Meaning: Status 0/SUCCESS means it ran. “inactive (dead)” is normal after a oneshot service finishes.

Decision: If you see failure codes, go to the journal. If it’s successful, verify bytes trimmed and discard path.

Task 5: Read the journal for fstrim details

cr0x@server:~$ journalctl -u fstrim.service -n 50 --no-pager
Dec 28 00:22:09 server systemd[1]: Starting fstrim.service - Discard unused blocks on filesystems from /etc/fstab...
Dec 28 00:22:09 server fstrim[2021]: /: 18.7 GiB (20068429824 bytes) trimmed on /dev/nvme0n1p2
Dec 28 00:22:12 server systemd[1]: fstrim.service: Deactivated successfully.
Dec 28 00:22:12 server systemd[1]: Finished fstrim.service - Discard unused blocks on filesystems from /etc/fstab.

Meaning: This is your proof. It shows which mountpoints were trimmed and how much.

Decision: If it lists only some filesystems, check /etc/fstab and mount states. If it trims 0 bytes repeatedly, validate discard support; it might be blocked or there’s nothing new to discard.

Task 6: Run fstrim manually across all mounted filesystems

cr0x@server:~$ sudo fstrim -av
/: 18.7 GiB (20068429824 bytes) trimmed on /dev/nvme0n1p2
/var: 2.1 GiB (2254857830 bytes) trimmed on /dev/nvme0n1p3

Meaning: -a means “all mounted filesystems that support it”; -v shows what happened. If you see “Operation not supported,” you have a stack issue or filesystem limitation.

Decision: If manual works but timer doesn’t, focus on systemd. If manual fails, focus on storage stack and mounts.

Task 7: Check which filesystems are eligible (mounted and in fstab)

cr0x@server:~$ findmnt -no TARGET,SOURCE,FSTYPE,OPTIONS /
/ /dev/nvme0n1p2 ext4 rw,relatime,errors=remount-ro

Meaning: Shows mount options and filesystem. With periodic fstrim, you do not need the discard mount option.

Decision: If you’re using discard and you’re chasing latency spikes, consider removing it and relying on the timer.

Task 8: Confirm fstrim will consider the filesystem (fstab filter)

cr0x@server:~$ grep -vE '^\s*#|^\s*$' /etc/fstab
UUID=8c2b1f2a-6a3f-4ad4-9b7f-3d2b0b7b6f12 /     ext4 defaults,errors=remount-ro 0 1
UUID=0f3f0c1a-27ae-4f1c-a90f-8b0b7fe1f5c1 /var  ext4 defaults                  0 2

Meaning: Debian’s fstrim.service commonly runs fstrim --fstab, meaning it uses fstab entries rather than “whatever is mounted.” If you mount something manually that isn’t in fstab, it may never get trimmed by the timer.

Decision: If a mount should be trimmed, add it to fstab or adjust your trim strategy.

Task 9: Verify the timer isn’t masked or overridden

cr0x@server:~$ systemctl is-enabled fstrim.timer
enabled

Meaning: “masked” means someone deliberately disabled it in a way that survives enable attempts.

Decision: If masked, unmask and enable (shown later). If disabled, enable.

Task 10: Check for systemd unit overrides that change behavior

cr0x@server:~$ systemctl cat fstrim.service
# /usr/lib/systemd/system/fstrim.service
[Unit]
Description=Discard unused blocks on filesystems from /etc/fstab
Documentation=man:fstrim(8)

[Service]
Type=oneshot
ExecStart=/sbin/fstrim --fstab --verbose --quiet

Meaning: If you see extra sections under /etc/systemd/system/fstrim.service.d/, you may have an override. Overrides are powerful and also a great way to confuse Future You.

Decision: If overridden, confirm it still trims what you expect and that output/logging isn’t suppressed into invisibility.

Task 11: Validate discard support through dm-crypt (LUKS)

cr0x@server:~$ sudo cryptsetup status cryptroot
/dev/mapper/cryptroot is active.
  type:    LUKS2
  cipher:  aes-xts-plain64
  keysize: 512 bits
  key location: keyring
  device:  /dev/nvme0n1p2
  sector size:  512
  offset:  32768 sectors
  size:    1953125000 sectors
  mode:    read/write

Meaning: This doesn’t directly say discard is enabled. For that, you typically check your /etc/crypttab or device-mapper table. But seeing dm-crypt in the path is your cue: discards may be blocked unless explicitly allowed.

Decision: If using LUKS and you want TRIM, plan to enable discards deliberately (with full understanding of metadata leakage tradeoffs).

Task 12: Confirm discard limits on device-mapper nodes

cr0x@server:~$ lsblk -D -o NAME,TYPE,DISC-GRAN,DISC-MAX /dev/mapper/cryptroot
NAME     TYPE DISC-GRAN DISC-MAX
cryptroot crypt     4K       2T

Meaning: If the dm-crypt mapping reports discard capability, the path is at least plausible. If it reports 0B/0B, discards are being blocked at this layer.

Decision: 0B/0B here: fix crypttab options or accept “no TRIM” for that volume.

Task 13: Validate that the filesystem supports trimming

cr0x@server:~$ df -T /
Filesystem     Type  1K-blocks      Used Available Use% Mounted on
/dev/nvme0n1p2 ext4  960379552 302118912 609136192  34% /

Meaning: ext4, xfs, btrfs generally support TRIM. Some niche or older filesystems may not, or may require specific options.

Decision: If you’re on something exotic, verify support and expectations. If you’re on ext4/xfs/btrfs and discards fail, it’s likely below the filesystem.

Task 14: Check whether you’re inside a VM that doesn’t pass discards

cr0x@server:~$ systemd-detect-virt
kvm

Meaning: Being virtualized doesn’t forbid TRIM, but it means you now need the hypervisor and virtual disk type configured to pass discard/unmap.

Decision: If this is a VM, coordinate with the platform team (or with yourself, if you’re wearing that hat) to enable discard/unmap support end-to-end.

Task 15: Dry-run whether discards are refused at the block layer

cr0x@server:~$ sudo blkdiscard -v -n /dev/nvme0n1p2
blkdiscard: /dev/nvme0n1p2: 0 bytes were discarded

Meaning: -n is a dry run on many systems (doesn’t actually discard). This sanity-checks that the ioctl path exists. If you get “Operation not supported,” the kernel stack isn’t accepting discards for that device.

Decision: If unsupported here, fstrim can’t make it happen. Fix the underlying layer, or stop trying.

Task 16: Confirm the timer actually fired when you think it did (time and missed runs)

cr0x@server:~$ systemctl show -p LastTriggerUSec,LastTriggerUSecMonotonic fstrim.timer
LastTriggerUSec=Sun 2025-12-28 00:22:09 UTC
LastTriggerUSecMonotonic=120394889230

Meaning: Confirms the last trigger time. Useful when you suspect missed timers after sleep, downtime, or clock jumps.

Decision: If the timer isn’t triggering, investigate systemd timer behavior, system clock, and whether the unit is inhibited.

Enable the fstrim timer on Debian 13 (the right way)

On Debian with systemd, you want the timer, not a random cron job you found in a 2014 blog post. The timer integrates with service logging, dependencies, and uniform management. It also makes audits less painful.

Enable and start the timer

cr0x@server:~$ sudo systemctl enable --now fstrim.timer
Created symlink /etc/systemd/system/timers.target.wants/fstrim.timer → /usr/lib/systemd/system/fstrim.timer.

Meaning: Enabled for boot and started immediately. From now on, Debian should run weekly TRIM automatically.

Decision: If you manage fleets, bake this into your baseline (Ansible, Salt, whatever). Don’t rely on “someone will remember.”

If it’s masked, unmask it

cr0x@server:~$ sudo systemctl unmask fstrim.timer
Removed "/etc/systemd/system/fstrim.timer".

Meaning: Masking is the “I really mean disabled” setting. Unmask removes the hard block.

Decision: If it was masked, find out why. Masking is usually a scar from an incident, a security stance, or a misinformed tweak.

Force a run now (without waiting a week)

cr0x@server:~$ sudo systemctl start fstrim.service

Meaning: No output is normal; check the journal for results.

Decision: Always verify trimmed bytes in logs. A “successful run” that trimmed nothing can still indicate a problem.

Adjust scheduling (carefully)

Default weekly is fine for most servers. If you’re running large databases with aggressive churn, you might want more frequent trimming—but don’t guess. Measure. Excessively frequent trim is usually harmless on modern drives, but it can become background noise in performance profiles.

If you must change the schedule, use a systemd override for the timer, not edits to vendor units. Example: set it to run daily at a predictable time.

cr0x@server:~$ sudo systemctl edit fstrim.timer

Then add an override like this (systemd editor will open):

cr0x@server:~$ cat /etc/systemd/system/fstrim.timer.d/override.conf
[Timer]
OnCalendar=daily
RandomizedDelaySec=1h
Persistent=true

Meaning: RandomizedDelaySec prevents every server in a fleet from trimming at the same minute. Persistent=true means if the machine was off at the scheduled time, systemd will run the missed job on next boot.

Decision: For fleets, keep randomization. If you want “exactly 02:00,” accept that you may create a tiny self-inflicted thundering herd.

cr0x@server:~$ sudo systemctl daemon-reload
cr0x@server:~$ sudo systemctl restart fstrim.timer

Verify TRIM works end-to-end (the part people skip)

Here’s the uncomfortable truth: seeing fstrim report “X GiB trimmed” is good, but not sufficient in every environment. In a VM, thin LUN, SAN, or layered device-mapper setup, you care whether discards propagate to the physical backing store.

Verify from the filesystem outward

Start with fstrim -av output and journal entries. If they show trimmed bytes and no errors, the filesystem is issuing discards.

Then verify the block device actually supports discard using lsblk -D. You want non-zero values at the lowest relevant layer (physical NVMe/SATA device) and at the mapped layer you’re trimming (LUKS/LVM volumes).

Know what “0 bytes trimmed” really means

Zero trimmed bytes can be perfectly fine. If you ran trim yesterday and nothing changed, there’s nothing to discard. It can also mean:

  • the filesystem doesn’t support TRIM,
  • the device doesn’t support discard,
  • discard is blocked by an intermediate layer,
  • you’re trimming a mount that’s not on SSD-backed storage.

Verify the schedule actually runs when the machine is “on”

Laptops, lab servers, and edge nodes are notorious: they’re powered down at night, asleep on weekends, and their timers never fire. That’s why Persistent=true exists—use it when appropriate.

Joke #2: If your timer only runs when the server is off, congratulations—you’ve invented Schrödinger’s maintenance window.

Where TRIM dies: encryption, LVM, RAID, SAN, and VMs

TRIM is a request that must survive a journey through multiple components. Every one of them can block it for reasons ranging from “security default” to “controller firmware from a different geological era.” Here’s how it commonly breaks and what you do about it.

LUKS/dm-crypt: security vs reclaim

dm-crypt can pass discards, but you usually need to opt in. The risk: discards can reveal which blocks are in use, which is a form of metadata leakage. In many threat models (most server rooms), that’s acceptable. In others (some laptops, high-risk environments), it isn’t.

On Debian, enabling discards for an encrypted root often involves adding discard to the relevant entry in /etc/crypttab, then rebuilding initramfs and rebooting. Do not do this casually on production without understanding your boot chain and recovery path.

cr0x@server:~$ sudo grep -vE '^\s*#|^\s*$' /etc/crypttab
cryptroot UUID=2d4f1f67-8f5f-4a4b-9a0e-2c6d52f9c5a1 none luks,discard

Meaning: The discard option tells dm-crypt to pass discard requests down. Without it, mapped devices often show 0B discard in lsblk -D.

Decision: Decide based on threat model. If you enable it, verify with lsblk -D at both the dm-crypt and underlying device layers after reboot.

LVM (thick and thin)

Classic (thick) LVM on SSD usually trims fine as long as the underlying PV supports discard and nothing blocks it. LVM thin provisioning is where you need to be extra careful: discards can reclaim space in the thin pool, but settings and kernel behavior matter.

If your goal is reclaiming thin pool space (or upstream SAN space), you’re not just “optimizing SSD health,” you’re doing capacity management. Validate the full chain.

mdadm RAID and hardware RAID

Software RAID (md) support for discard has improved over time, but capability depends on RAID level and kernel behavior. Hardware RAID is a separate universe: some controllers translate discard properly; others drop it. Sometimes the only way to know is to test and observe capacity reclaim upstream.

Virtual machines: the hypervisor must cooperate

In KVM/QEMU environments, discard support depends on the virtual disk type (virtio-scsi vs virtio-blk), settings like “discard=unmap,” and the backing storage. On VMware, it depends on guest OS support, virtual disk provisioning type, and whether UNMAP is enabled. On cloud providers, it depends on what they expose.

The guest can be perfectly configured and still scream TRIM requests into a void if the host refuses to pass them.

Filesystems: ext4, xfs, btrfs nuance

  • ext4: Periodic fstrim is a normal pattern. The discard mount option exists but isn’t mandatory.
  • xfs: Also supports fstrim. Great on big filesystems; trim is generally straightforward.
  • btrfs: Supports discard and has its own quirks. Many admins still prefer periodic fstrim to keep behavior explicit.

Three corporate mini-stories from the trenches

Incident caused by a wrong assumption: “We’re on SSD, so TRIM must be on”

A mid-sized company migrated a batch-processing cluster from older SATA SSDs to new NVMe. They did the migration the “sensible” way: OS images baked once, rolled everywhere, and storage handled by a standard encrypted LVM layout. Everyone assumed performance would improve automatically.

It did—at first. Then, over a few weeks, the write-heavy nodes started showing longer job runtimes. Nothing dramatic, just enough to miss internal SLOs occasionally. The graphs looked like a slow tide, not a sharp cliff. Those are the worst.

The team chased the usual suspects: noisy neighbors, kernel updates, network jitter, application-level regressions. A sharp engineer finally ran lsblk -D and noticed the dm-crypt layer reported 0B discard. Manual fstrim “worked” on some mounts but trimmed tiny amounts. The drives were doing garbage collection without being told what was free. Write amplification climbed, and sustained performance sagged.

The fix wasn’t exotic: they explicitly enabled discards for the encrypted volumes (after a security review) and verified trim bytes in journald weekly. Performance stabilized. The bigger lesson: “SSD” isn’t a configuration. It’s a hardware fact. The software stack still needs to be told what you want.

Afterward, they added a baseline compliance check: if an SSD-backed mount reports 0B discard capability at the mapped layer, the node fails readiness. It was slightly annoying. It saved them from repeating the same mistake in the next environment.

Optimization that backfired: enabling continuous discard everywhere

Another org had a simple philosophy: “If discard is good, more discard is better.” They turned on the discard mount option across a fleet, including database servers and a few log ingestion boxes that hammered the filesystem with small writes and deletes.

The effect was subtle at first. Latency percentiles crept up, especially during peak ingestion. Not consistently—just enough to make on-call nights spicy. The team saw increased I/O wait but couldn’t map it cleanly to application changes.

Eventually someone correlated the spikes to frequent discard operations in block layer traces. Continuous discard was adding synchronous work at awkward times, and the storage backend wasn’t thrilled about constant unmap chatter either. The optimization had turned into jitter.

They rolled back to periodic fstrim via the systemd timer. The latency profile calmed down, and reclaim still happened on a predictable schedule. The moral: predictable maintenance beats “smart” behavior that happens at the worst possible time.

Boring but correct practice that saved the day: logging and verification as a routine

A financial services team ran Debian on encrypted NVMe, with a mix of bare metal and VMs. They had a standard weekly operations checklist that included reviewing systemd timer health and ensuring a set of housekeeping services were running. Yes, it was boring. Yes, it was effective.

One week, they noticed the fstrim journal entries changed: still “SUCCESS,” but trimmed bytes suddenly dropped to nearly zero across several VMs that normally trimmed a few gigabytes. No alerts fired because nothing “failed.” Humans noticed because they were looking.

It turned out the virtualization platform had been updated and a default changed: discard/unmap was no longer passed to guests for a subset of disk types. The guests kept issuing discards; the host ignored them politely. Thin-provisioned storage started inflating, and the SAN team was about to have a bad month.

Because the ops team caught it early, the fix was clean: update VM disk configuration to allow discard and validate using guest-level trim plus host-level space reclaim checks. No emergency capacity purchase, no weekend outage window, no executive “how did we miss this?” meeting. The boring practice paid for itself quietly, like most good SRE work.

Common mistakes: symptom → root cause → fix

1) “TRIM isn’t running” but the timer is disabled

Symptom: systemctl status fstrim.timer shows disabled/inactive; list-timers has no fstrim entry.

Root cause: Timer never enabled (or a baseline image disabled it long ago).

Fix: Enable and start: systemctl enable --now fstrim.timer. Then run systemctl start fstrim.service and check journalctl -u fstrim.service.

2) Timer enabled, but nothing happens for weeks

Symptom: Timer is enabled; LAST is “n/a” or very old; machine is often powered off/suspended.

Root cause: System wasn’t up at scheduled time; timer not persistent.

Fix: Add timer override with Persistent=true. Or schedule it more frequently with randomization.

3) Manual fstrim fails with “Operation not supported”

Symptom: sudo fstrim -av shows errors; blkdiscard reports not supported; lsblk -D shows 0B discard.

Root cause: Device or a layer (LUKS, RAID, hypervisor) doesn’t support/pass discard.

Fix: Identify the layer that reports 0B in lsblk -D. Enable discard passthrough (crypttab/hypervisor settings) or accept no TRIM for that path.

4) fstrim runs but trims only “/” and skips /var or data mounts

Symptom: Journal shows trim for some mounts only.

Root cause: fstrim --fstab only trims fstab-defined mounts; the mount isn’t in fstab, or it’s not mounted at runtime.

Fix: Put the mount in /etc/fstab (or adjust your unit to use -a without --fstab, if you truly want “whatever is mounted”). Ensure it’s mounted at the time the timer runs.

5) “0 bytes trimmed” forever, but you expected more

Symptom: Trim succeeds, always trims 0 bytes.

Root cause: No newly freed blocks since last trim; filesystem mostly full; or discards are being coalesced/ignored upstream.

Fix: Free some space and retest. Verify discard support with lsblk -D at each layer. In thin-provisioned environments, validate upstream reclaim separately.

6) You enabled discard on encrypted volumes and got nervous about security

Symptom: Security review flags metadata leakage risk.

Root cause: Discards can reveal allocation patterns.

Fix: Decide explicitly. If threat model demands it, keep discards disabled and accept potential performance/wear tradeoffs. Don’t “half enable” in a way no one understands later.

7) You tried to “fix” it with cron and now have two competing trims

Symptom: Trims run twice, logs are confusing, sometimes overlap.

Root cause: Cron job plus systemd timer, both active.

Fix: Remove cron job. Keep the systemd timer. One boss per process.

Checklists / step-by-step plan

Checklist A: Minimal fix (single Debian 13 host, bare metal SSD)

  1. Check discard capability: run lsblk -D. Confirm your SSD shows non-zero discard values.
  2. Enable timer: systemctl enable --now fstrim.timer.
  3. Force a run: systemctl start fstrim.service.
  4. Verify results: journalctl -u fstrim.service -n 50. Look for “X bytes trimmed” on expected mounts.
  5. Confirm schedule: systemctl list-timers --all | grep fstrim.

Checklist B: Layered storage (LUKS + LVM + SSD)

  1. Check base device discard: lsblk -D /dev/nvme0n1.
  2. Check mapped device discard: lsblk -D /dev/mapper/cryptroot (and LVs if applicable).
  3. If mapped layer shows 0B discard, review /etc/crypttab for discard option, then apply change safely (initramfs + reboot if root is encrypted).
  4. Run fstrim -av and confirm bytes trimmed.
  5. Confirm weekly automation via timer and journal.

Checklist C: VM guest on shared storage (the “trust but verify” plan)

  1. In guest: lsblk -D should show discard support on the virtual disk.
  2. In guest: run fstrim -av. Confirm no “Operation not supported.”
  3. Confirm timer scheduling and journald entries over time.
  4. On the host/storage side: verify that unmap/discard is enabled for the VM disk type and that space reclaim is observable (platform-specific).
  5. Document it. “We think it works” is not a control.

Checklist D: Fleet baseline (what you automate)

  1. Ensure fstrim.timer enabled on all SSD-backed nodes.
  2. Override timer with randomization and persistence where appropriate.
  3. Daily/weekly compliance: check systemctl is-enabled fstrim.timer and parse journalctl -u fstrim.service for recent successful runs.
  4. Alert on “Operation not supported” and on sudden global drop in trimmed bytes across a cluster (that’s how you catch hypervisor regressions).

FAQ

1) Should I use the discard mount option or weekly fstrim?

Use weekly fstrim for most systems. It’s predictable and easier to reason about. Use continuous discard only when you’ve measured and you know it doesn’t harm your latency profile.

2) Why does Debian use a timer instead of cron?

systemd timers integrate with dependency management and journald logs. Operationally, they’re easier to inspect and audit (list-timers, per-unit logs) than a mystery crontab.

3) If fstrim says “X GiB trimmed,” does that mean the SSD actually reclaimed it?

It means the filesystem issued discards and the kernel accepted them. In layered setups (VMs, SAN, thin provisioning), you still need to confirm the backing layer honors them.

4) Is enabling discard on LUKS safe?

It’s a tradeoff. It can leak allocation patterns (which blocks are used). Many server threat models accept that; some do not. Decide deliberately, document it, and don’t mix assumptions.

5) Why does fstrim skip some mounts?

Often because Debian runs fstrim --fstab. If a mount isn’t in /etc/fstab (or isn’t mounted), it won’t be included. Confirm with journal output and findmnt.

6) Is it bad if fstrim trims 0 bytes?

Not necessarily. If nothing new was freed, 0 is expected. If it’s always 0 on a busy system where you delete data regularly, investigate discard support with lsblk -D and check for blocked discards.

7) Can TRIM cause performance issues?

Periodic TRIM usually has minimal impact. Continuous discard can add latency in some workloads. Also, trimming enormous filesystems during peak can compete for I/O—schedule it sanely if you’re sensitive.

8) Do I need TRIM on enterprise SSDs or NVMe?

Yes, generally. Enterprise drives have better controllers and firmware, but they still benefit from accurate knowledge of free space to reduce write amplification and help steady-state performance.

9) What about swap partitions and TRIM?

Swap on SSD can be trimmed, but behavior depends on kernel and configuration. In most cases, your bigger wins are trimming the main filesystems and ensuring discard support is correct.

10) How do I prove TRIM runs regularly for audits?

Use systemctl list-timers for schedule proof and journalctl -u fstrim.service for evidence of execution and bytes trimmed. That’s operationally credible and reproducible.

Conclusion: next steps that actually reduce risk

Enable the timer, run trim once, and verify the logs. That’s the baseline. Then do the grown-up part: confirm discard support through every storage layer you depend on. If you’re in a VM or on thin-provisioned storage, treat “TRIM works” as a multi-team contract, not a guest-only setting.

Practical next steps:

  1. Run lsblk -D and identify where discard becomes 0B/0B.
  2. Enable and start fstrim.timer; trigger fstrim.service manually once.
  3. Verify journal entries show meaningful trimmed bytes on the mounts you care about.
  4. If encrypted: decide on discard in crypttab based on threat model, then implement cleanly and validate post-reboot.
  5. If virtualized: verify hypervisor discard/unmap settings and confirm upstream reclaim behavior.
  6. For fleets: add a compliance check for timer enabled + recent successful trim logs, and alert on changes in trim behavior.

TRIM is not glamorous. That’s why it fails quietly. Make it boring again—enabled, verified, and unremarkable.

← Previous
Proxmox PCI Passthrough Fails: IOMMU Groups and the Classic Traps
Next →
Docker “manifest unknown”: tags vs digests explained (and fixed)

Related articles

FireWire vs USB: how “better tech” lost to cheaper tech January 31, 2026 Debian 13: fstab mistake prevents boot — the fastest rescue-mode fix January 14, 2026 Debian 13: 100% iowait host freezes — find the noisy process/VM in 10 minutes January 7, 2026 Ubuntu 24.04 SSD/NVMe performance falls over time: prove it’s TRIM/GC and fix it December 26, 2025 Debian 13: “Text file busy” — why deploys fail and how to fix safely (case #57) December 21, 2025 Debian 13 “Read-only file system” surprise: fastest path to root cause and recovery December 17, 2025 Ubuntu 24.04 ext4 vs XFS Recovery: Which Tool to Run First (and Why) December 3, 2025 Debian 13 filesystem check takes forever: what’s normal, red flags, and fixes (case #31) December 3, 2025 Ubuntu 24.04: Disk is “full” but df looks fine — inode exhaustion explained (and fixed) November 30, 2025 Ubuntu 24.04: CIFS mount says “Permission denied” — the exact options that fix it November 27, 2025

Leave a comment