kOSKextReturnNotLoadable on Mojave 10.14.6

[Clifford-Yen]

Hi everyone,

I recently upgraded my MacBook Pro 13" 2014-mid from High Sierra to Mojave. I used Karabiner only for eliminating the caps lock delay, and I found Karabiner 12.10 and 11.6 both not work on Mojave 10.14.6. (I have updated to Security Update 2020-004)

There are lots of messages shown in Karabiner Log like:
[info] [kextd] KextManagerLoadKextWithURL: kOSKextReturnNotLoadable

This message shows every 3 seconds. I also found relevant logs in macOS console as follows:
Error making temporary directory: 1
Memory allocation failure.
Unable to stage kext (/Library/Application Support/org.pqrs/Karabiner-VirtualHIDDevice/Extensions/org.pqrs.driver.Karabiner.VirtualHIDDevice.v061000.kext) to secure location.
org.pqrs.driver.Karabiner.VirtualHIDDevice.v061000 was unable to stage properly; failing.

What I have tried:

• Checked /var/db/SystemPolicyConfiguration/KextPolicy with sqlite3 command that Karabiner is allowed.
• Boot into Recovery mode to grant permission to Karabiner with command spctl kext-consent add G43BCU2T37.
• Restart macOS and reinstall Karabiner for countless times.
• ls -laO /Library/StagedExtensions/ and checked the flag of /Library/StagedExtensions is "restricted"
• Tried to reset the KextPolicy database (i.e. disable SIP, delete KextPolicy file, enable SIP, give permission to each kext extension again). I found that Karabiner did not ask for permission at all (other applications did ask). There is no "allow" button in Security&Privacy page for Karabiner, too.
• Reinstall Security Update 2020-004 (Mojave)
• sudo kextload and sudo kextutil org.pqrs.driver.Karabiner.VirtualHIDDevice.v061000.kext but both failed (sudo kextutil gave the exact messages shown in macOS console)

All measures failed. The only way I could make it work is to keep SIP off, which I really don't want to.

Does anyone have any idea? It's really frustrating. Any help is appreciated.

[StoneJT]

Based on the temporary directory error, can you check the permissions and flags for the following:

• /private/var/db/KernelExtensionManagement should be 0755 with the "restricted" flag set, and the com.apple.rootless attribute set to KernelExtensionManagement (you can check the value of the attribute with xattr -l)
• /private/var/db/KernelExtensionManagement/Staging should be 0755 with the "restricted" flag set.

I recently had an issue where VMWare Fusion broke after upgrading to 10.14.6, and after some digging around through the console log, I found that it was trying to use these directories while staging the kexts.

When compared to another Mac running 10.14.6, I found that the "restricted" flag was not set against KernelExtensionManagement, which appears to have affected how SIP treats the directory.

If that's the case for you, you should be able to repair it using chflags (e.g chflags restricted /Volumes/Macintosh\ HD/private/var/db/KernelExtensionManagement) from the terminal in recovery mode.

[Clifford-Yen]

Oh my! It works! I don't know how to express my appreciation to you @StoneJT! It costed me so much time on solving this problem. For IME other than English, caps lock is usually the default way to switch between that language and English. Caps lock delay really drives me crazy. Thank you so much on providing such a detailed solution!

[StoneJT]

Glad it worked out. This was the only result I got whilst searching for "error making temporary directory: 1", so I wanted to make sure I replied once I figured out what was happening.

[9M6]

@StoneJT

Not related to this repo, but I was having problems with some external kexts not being loaded, mainly:

• AdGuard
• Google File Stream

And I've been debugging non-stop, and was even planing on doing a full new clean OS install since I had this issue. (This after upgrading from High Sierra to Catalina).

Thank you for the tip, would have costed me a good few hours of work for nothing!

Cheers.

[TheQL]

@StoneJT This actually also helped me with an issue in VirtualBox! I do find it odd that I don't see any difference on

# xattr -l /private/var/db/KernelExtensionManagement
com.apple.rootless: KernelExtensionManagement
# xattr -l /private/var/db/KernelExtensionManagement/Staging

after running chflags. Also I ran chflags on "Staging" quite a lot as it appeared to do nothing from within the rescue console. But as I said, it worked nevertheless!

I have a different Mac where the entire directory /private/var/db/KernelExtensionManagement does not exist, so maybe you could also just delete it?!

EDIT:
Found this to actually show the restriction, the rootless attribute is probably something different for SIP.

# ls -ldO /Volumes/Macintosh\ HD/private/var/db/KernelExtensionManagement
drwxr-xr-x@ 3 root  wheel  restricted 96 30 Sep 12:16 /Volumes/Macintosh HD/private/var/db/KernelExtensionManagement
# ls -ldO /Volumes/Macintosh\ HD/private/var/db/KernelExtensionManagement/Staging
drwxr-xr-x  2 root  wheel  restricted 64  4 Nov 21:57 /Volumes/Macintosh HD/private/var/db/KernelExtensionManagement/Staging

[moffat]

@StoneJT, just wanted to add my thanks as well. I've been dealing with issues with several apps (Google File Stream, AdGuard, TripMode, Shimo) failing here and there and I could not find the cause. Adding that 'restricted' flag solved the problem.

[CyborgSam]

* `/private/var/db/KernelExtensionManagement` should be 0755 with the "restricted" flag set, and the `com.apple.rootless` attribute set to `KernelExtensionManagement` (you can check the value of the attribute with `xattr -l`)

* `/private/var/db/KernelExtensionManagement/Staging` should be 0755 with the "restricted" flag set.

@StoneJT thank you. This fixed an issue I had with VMware Fusion after reinstalling Mojave 10.14.6 on top of the existing Mojave 10.14.6. VMware was in the sqlite3 of approved KEXTs but wouldn't load its KEXTs.

You've earned a virtual mug of your favorite brew!

[thpryrchn]

Turns out that just putting /private/var/db/KernelExtensionManagementin your trash fixes it, as it is recreated when needed!!!

[micdimHotel]

Hi thprychn,
I used your method of trashing the KernalExtensionManagement folder, and it worked, however I can't delete the folder and it's contents that's in the Trash now? I keep getting a popup error msg > "Staging" can't be modified or deleted because it's required by macOS? Can you tell me how to delete the folder and contents? I'm on 10.14.6 Mojave latest update as on today.
Thank you!

[GregDunn1953]

Just wanted to add that @StoneJT was right on the money with a different issue - MacFUSE not loading on Mojave. Following his suggestion I set the 'restricted' flag on the KernelExtensionManagement dir and subdir, and it resolved the issue!

[seanm]

I had a similar issue. I have a MacPro5,1 with 10.13.6 on a fusion drive, used Disk Utility's 'Restore' feature to copy everything to a big 4 TB SSD and then updated to 10.14.6. VMWare then couldn't load it's kexts. Trashing the KernalExtensionManagement folder and rebooting did the trick. I also can't empty the trash, I imagine you'd have to do that with SIP disabled, or maybe as root from Recovery.

[thpryrchn]

Trashing the KernalExtensionManagement folder and rebooting did the trick. I also can't empty the trash, I imagine you'd have to do that with SIP disabled, or maybe as root from Recovery.

Yes, from the recovery console, you can do a rm -rf /Volumes/YourOSdrive/Users/TheUserThatTrashedKernalExtensionManagement/.Trash/*
I actually found this thread because of VMware not able to load kext's also. It is just easier to disable SIP, empty trash, then re-enable it. :)

[khartojo]

This absolutely worked for me on Catalina and Google DriveFileStream. Thank you @StoneJT !
Been stumped for a couple of weeks.

[donnaaboise]

I recently did a security update, and was unable to restart my VMWare Fusion machine. The kernel extension /dev/vmmon could not be loaded. I came across https://kb.vmware.com/s/article/80467 which suggested the problem was with kernel extensions. Found my way here, and learned that the directory KernelExtensionManagement did not have the right permission (the flag was not set). So after trying to use 'chflags' in the terminal window, and getting "operation not permitted", I went into recover mode and was able to fix the permissions from a terminal there.

Along the way, I learned a few things that I thought I would pass on :

• Initially, the command ls -l0 did not work for me. Turns out, the ls I installed through MacPorts CoreUtils doesn't recognize the O option. Using /bin/ls fixed this.
• It seems that flag restricted has to be set in recovery mode. This was mentioned above, but it wasn't clear (to me, at least) that this was the only way to do this. But maybe I am missing something.
• In recovery mode, I had to mount Macintosh HD before using the terminal window.
• The extension file is under /Volume/Macintosh HD/private/db/. Again, mentioned by @StoneJT, but there are other private directories as well.

The good news is that after setting the restricted flag, my VM now starts up and everything is fine.

BTW, I am running OSX 10.14.6, which I know by now is out of date. Will work on upgrading to Big Sur shortly.

[PaulHarveyUS]

Turns out that just putting /private/var/db/KernelExtensionManagementin your trash fixes it, as it is recreated when needed!!!

I was getting the 'Operation not permitted' when trying to set the restricted flag in the terminal (even as sudo) but dumping the directory in the trash caused Karabiner to instantly recreate it and ask for security clearance. Now things are working as expected

[juanfcastropiccolo]

Hi Everyone. I'm not an expert on coding and I don't understand how to solve this issue on my end. I have a Keychron K2 and I'm trying to use Karabiner for this first time with no luck, I'm getting the KextManagerLoadKextWithURL: kOSKextReturnNotLoadable message and the rules won't work. Please, could anyone help me with this issue? Thanks in advance