TLS usage from audit modules is not taken into account for sizing the static TLS area. As a result, too much TLS usage from audit modules causes all programs to fail to load. This also happens for static TLS usage in glibc itself, so it cannot be fully worked around by using dynamic TLS in audit modules. (Due to the early TCB reservation necessary to run audit code, the static TLS reservation is also needed for loading the main program, I think, but this bug is not about that.)
It turns out that elf/dl-tls.c attempts to account for this already, it's just that the limit has not been updated in a while: /* Amount of excess space to allocate in the static TLS area to allow dynamic loading of modules defining IE-model TLS data. */ #define TLS_STATIC_SURPLUS 64 + DL_NNS * 100 There cannot be more than DL_NNS - 1 audit modules, so if the magic constant 100 reflects implementation TLS usage (it currently does not, it is more like 144 bytes),