The lsmod command is the quickest way to inspect which kernel modules are currently loaded on a Linux system. Whether you are troubleshooting hardware drivers, verifying virtualization support, or preparing to unload an unused module, understanding how to read lsmod output and combine it with complementary tools is essential for any Linux administrator. This guide explains what kernel modules are, how lsmod works, how to filter and interpret its output, and how to dig deeper with modinfo and /proc/modules. Practical examples and troubleshooting tips included will help you manage kernel modules safely on Debian, Ubuntu, RHEL, CentOS, and Arch systems.
Understanding lsmod output and related tools
Kernel modules extend the running kernel with additional functionality such as device drivers, filesystem support, or virtualization features. The lsmod utility reads the kernel-provided module list (procfs) and formats a simple table showing module name, memory footprint, and usage information. Use lsmod with simple text tools to search, filter, and identify dependencies, and pair it with modinfo to get metadata about a module's author, license, and parameters. Below are practical commands you will use frequently as a systems administrator, each followed by realistic example output and an explanation so you can apply them safely in production environments.
lsmod Module Size Used by cmac 16384 0 rfcomm 81920 4 ahci 40960 1 intel_lpss_pci 20480 0 i2c_i801 32768 0 libahci 32768 1 ahci intel_lpss 16384 1 intel_lpss_pci kvm 651264 1 kvm_intel kvm_intel 278528 0
The output columns are: Module — module name; Size — memory footprint in bytes (kernel may present sizes in bytes or aligned pages); Used by — the number of users followed by any dependent modules. A zero in the Used by column means the module is not currently depended on by other kernel modules. Keep in mind lsmod simply formats /proc/modules, so the underlying state comes directly from the kernel.
lsmod | grep kvm kvm 651264 1 kvm_intel kvm_intel 278528 0 irqbypass 16384 1 kvm
Piping lsmod into grep lets you quickly check whether a specific module or group of modules are loaded. In this example, the kvm core and its Intel-specific module are present; irqbypass is a helper module shown as depending on kvm. This technique is ideal when validating virtualization drivers or identifying which modules to inspect further.
lsmod | awk '$3 == 0' cmac 16384 0 intel_lpss_pci 20480 0 i2c_i801 32768 0 kvm_intel 278528 0
Using awk with lsmod allows advanced filtering — here we list modules with a Used by count equal to zero, which typically means they are not depended on by other kernel modules. Modules reported as unused may still be in use by user-space via open file descriptors or device nodes, so confirm before unloading them on production systems.
modinfo kvm filename: /lib/modules/5.15.0-70-generic/kernel/virt/kvm/kvm.ko license: GPL author: Qumranet description: Kernel-based Virtual Machine parm: nested:Enable nested virtualization (int)
modinfo prints module metadata from the module file on disk. Use it to confirm module version, license, parameters, and path. This is especially useful when you need to know module parameters you can set at load time, or when identifying the upstream author and license for compliance checks.
cat /proc/modules kvm 651264 1 kvm_intel, Live 0xffffffffc0a00000 kvm_intel 278528 0 - Live 0xffffffffc0900000 irqbypass 16384 1 kvm, Live 0xffffffffc08f0000 cmac 16384 0 - Live 0xffffffffc07e0000
cat /proc/modules reveals the raw data that lsmod reads and formats. The fields are: name, size, used count (with list of dependents if any), load state (Live), and memory address. Inspecting /proc/modules directly can help when scripting or when verifying exact kernel-reported values without lsmod's formatting.
modprobe -r snd_usb_audio modprobe: FATAL: Module snd_usb_audio is in use by: snd_hda_intel
The modprobe command with the -r flag is the recommended way to remove a module and its automatically handled dependencies. In this example the removal failed because another module or driver depends on snd_usb_audio. Always check the Used by column from lsmod before attempting removal. If a module is truly unused, modprobe -r will typically return no output and a zero exit status — however, safety checks like verifying services or userspace processes are not interacting with the device are essential.
Best practices and troubleshooting tips
Working with kernel modules on production systems requires caution. Follow these best practices: 1) Always inspect dependencies via lsmod before unloading a module to avoid breaking storage, network, or input devices. 2) Use modinfo to discover parameters that can alter module behavior; you can supply parameters when loading via module configuration files or a modprobe.d snippet. 3) Test module loads and unloads on a staging system where possible. 4) When troubleshooting missing hardware drivers, check the kernel message buffer and system logs — they often show why a module failed to bind to a device during boot.
Common troubleshooting commands and approaches include checking kernel logs for module-related messages and verifying module presence on disk for the running kernel version. Kernel upgrades can leave module directories mismatched; ensure the module path matches uname -r and the modules directory under /lib/modules for the running kernel. If lsmod is not available in minimal containers or chroot environments, install the distro package that provides it (kmod on most modern distributions) or inspect /proc/modules directly.
When a module is reported as “in use” but you can't find dependents, search for open filehandles or udev-managed device nodes that may keep modules active. Use lsof or fuser on device nodes referenced by the driver, and stop related services (e.g., virtualization daemons, container runtimes) before unloading modules. Remember that forcibly removing modules with rmmod when they are in use can destabilize the system.
Conclusion
lsmod is a lightweight yet indispensable utility for any Linux administrator who needs to inspect the live set of kernel modules. Combined with tools like modinfo, modprobe, and direct /proc inspection, lsmod helps you verify driver presence, understand inter-module dependencies, and make safe decisions about loading or unloading kernel functionality. Use grep and awk to filter output quickly, consult kernel logs for load-time issues, and follow conservative practices on production systems to avoid service disruptions. Mastering these commands will speed up hardware troubleshooting, kernel debugging, and routine maintenance across Debian, Ubuntu, RHEL, CentOS, and Arch environments.