How to determine which module taints the kernel?

Well I don't believe a standard Fedora kernel package will include any modules which would trigger this taint so the question is, what other kernel modules have you installed?

Common candidates would be graphics drivers (though I think those will mostly set the "proprietary" bit) and wireless drivers.

If you can find anything in the lsmod output that you think may be a candidate then run modinfo <module-name> and see if the output includes intree: Y as any module without that will trigger the taint you are seeing.

UPDATE: The rts5139 module that you're seeing in lsmod but which doesn't seem to be on your system is probably in the initrd and is being loaded from there early in the boot process before the main filesystem is mounted.

That also explains why blacklisting won't work as you would have to rebuild the initrd with the updated blacklist. Rebuilding the initrd with dracut will cause the module to go away anyway though.

➜  ~  dmesg | grep -i 'taint'
[   10.029333] vboxdrv: module verification failed: signature and/or required key missing - tainting kernel
[   10.029364] Disabling lock debugging due to kernel taint

Another way to do it is to examine the taint file of each module in /sys/module:

#!/bin/bash

cat /proc/modules |
while read module rest
do
    if [[ $(od -A n /sys/module/$module/taint) != " 000012" ]] ; then
        echo $module
    fi
done

If a module has no taint then the taint file will only contain a newline, which od represents as "000012". You can't check the file size since the sizes are all listed as 4,096 bytes regardless of their actual contents.