TLSDESC cannot be relocated lazily in a module that was linked bind now, because the DT_TLSDESC_PLT and DT_TLSDESC_GOT entry points are missing. ldaudit should not ignore bind now in _dl_relocate_object: /* If DT_BIND_NOW is set relocate all references in this object. We do not do this if we are profiling, of course. */ // XXX Correct for auditing? if (!consider_profiling && __builtin_expect (l->l_info[DT_BIND_NOW] != NULL, 0)) lazy = 0; i plan to remove lazy tlsdesc support (see bug 27137) that makes this problem go away (except when bind now is used semantically to mean lazy relocation is unsupported e.g. by plt calls that don't follow the pcs). alternative fix would be to change all linkers to always emit the lazy tlsdesc entry with bind now for ldaudit to work.
The master branch has been updated by Szabolcs Nagy <nsz@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f7e09f4dbdb5c815a18b8285fbc5d5d7bc17d86 commit 8f7e09f4dbdb5c815a18b8285fbc5d5d7bc17d86 Author: Szabolcs Nagy <szabolcs.nagy@arm.com> Date: Thu Feb 11 11:29:23 2021 +0000 x86_64: Avoid lazy relocation of tlsdesc [BZ #27137] Lazy tlsdesc relocation is racy because the static tls optimization and tlsdesc management operations are done without holding the dlopen lock. This similar to the commit b7cf203b5c17dd6d9878537d41e0c7cc3d270a67 for aarch64, but it fixes a different race: bug 27137. Another issue is that ld auditing ignores DT_BIND_NOW and thus tries to relocate tlsdesc lazily, but that does not work in a BIND_NOW module due to missing DT_TLSDESC_PLT. Unconditionally relocating tlsdesc at load time fixes this bug 27721 too.
fixed for 2.34