How to determine which module taints the kernel?

fedora linux-kernel kernel-modules kernel-panic

16,299

Solution 1

Well I don't believe a standard Fedora kernel package will include any modules which would trigger this taint so the question is, what other kernel modules have you installed?

Common candidates would be graphics drivers (though I think those will mostly set the "proprietary" bit) and wireless drivers.

If you can find anything in the lsmod output that you think may be a candidate then run modinfo <module-name> and see if the output includes intree: Y as any module without that will trigger the taint you are seeing.

UPDATE: The rts5139 module that you're seeing in lsmod but which doesn't seem to be on your system is probably in the initrd and is being loaded from there early in the boot process before the main filesystem is mounted.

That also explains why blacklisting won't work as you would have to rebuild the initrd with the updated blacklist. Rebuilding the initrd with dracut will cause the module to go away anyway though.

Solution 2

Another way to do it is to examine the taint file of each module in /sys/module:

#!/bin/bash

cat /proc/modules |
while read module rest
do
    if [[ $(od -A n /sys/module/$module/taint) != " 000012" ]] ; then
        echo $module
    fi
done

If a module has no taint then the taint file will only contain a newline, which od represents as "000012". You can't check the file size since the sizes are all listed as 4,096 bytes regardless of their actual contents.

Solution 3

➜  ~  dmesg | grep -i 'taint'
[   10.029333] vboxdrv: module verification failed: signature and/or required key missing - tainting kernel
[   10.029364] Disabling lock debugging due to kernel taint

Solution 4

This might be (at least, in part) VirtualBox's vboxdrv kernel module. It's GPL'd, but kernel maintainers now flag kernels with it loaded as tainted. See https://lkml.org/lkml/2011/10/6/317 for information.

Not sure if unloading that module will "un-taint" the kernel, but if you have it loaded, that's probably what is causing it (at least, in part).

Information regarding the value of the number can be found here: http://kmaiti.blogspot.com/2011/09/how-to-check-whether-current-running.html It doesn't tell you what module, but you can see the reasons. Basically, if the value isn't 0, it's tainted.

Solution 5

Check your boot-log or watch your boot-process in the early stage (before your disks get mounted RW). This might be a bad module in your initrd.

Do you have DKMS or something like that in place?

View more solutions

16,299

drs

Engage in Woodworking

Updated on September 18, 2022

Comments

drs over 1 year
My kernel keeps panicking when connected to a certain wireless network. I'd like to send a bug report but my kernel is apparently tainted. From /var/log/messages:
```
Apr 17 21:28:22 Eiger kernel: [13330.442453] Pid: 4095, comm: kworker/u:1 Tainted: G           O 3.8.4-102.fc17.x86_64 #1
```
and
```
[root@Eiger ~]# cat /proc/sys/kernel/tainted 
4096
```
I've not been able to find documentation for what the 4096 bitmask means~~, but the G flag means that an external GPL module is loaded into the kernel~~. How do I find out which module is tainting the kernel?

I've grepped for [Tt]aint in /var/log/messages or dmesg and don't find anything corresponding to when a module is loaded. My kernel is the latest kernel from Fedora 17: 3.8.4-102.fc17.x86_64.

UPDATE: It may be due to the rts5139 module. It shows up in lsmod but modinfo rts5139 produces ERROR: Module rts5139 not found. When booting the previous kernel, 3.8.3-103.fc17.x86_64, this module is not listed by lsmod and the kernel is not tainted (/proc/sys/kernel/taint is 0).

I've tried blacklisting this module
```
echo 'blacklist rts5139' >> /etc/modprobe.d/blacklist.conf
```
but rebooting still shows the kernel as tainted.
- don_crissti about 11 years
  
  According to the docs 4096 - An out-of-tree module has been loaded.
- Random832 about 11 years
  
  G is always printed when P isn't, it doesn't necessarily imply an external module (though the O flag does).
- drs about 11 years
  
  @Random832 Thanks. I noticed the flag was still there after I reinstalled my kernel. I was wondering why.
drs about 11 years

Thanks for the tip, I've tried lsmod | awk '{print $1}' | xargs modinfo -F intree. Unfortunately, all of the results are Y, except for one line, ERROR: Module rts5139 not found.
drs about 11 years

VirtualBox is not installed, and vboxdrv is not listed by lsmod. I've seen that list of kernel taint values before. However, 4096 isn't listed and it can't be generated by combining any of the other bits. I'm guessing the documentation is old.
drs about 11 years

How do I check the modules in my initrd?
drs about 11 years

I do not have DKMS. I used to have kmod-staging to enable my card reader, but I removed that a while ago.
Joe Conlin about 11 years

Well to start with use lsinitrd to see if rts5139 is present.
Joe Conlin about 11 years

Well rts5139 is apparently a driver for a Realtek card reader so I suspect you haven't managed to completely remove it.
drs about 11 years

@TomH Indeed this was the case. I had removed the kmod-staging package, but the initrd still contained some of the staging modules. Reinstalling the kernel did the trick. If you update your answer with this info I'll accept it.
Joe Conlin about 11 years

I've updated my answer now.
Nils about 11 years

@drs look at the comment from TomH! So that kernel-module is propably still in your initrd.