We should backport the final upstream fix for bug 1740039:

commit 77523d5e43cb5721c23855eb6045b0607a3b30a0
Author: Florian Weimer <fweimer>
Date:   Fri Oct 4 21:23:51 2019 +0200

    elf: Assign TLS modid later during dlopen [BZ #24930]
    
    Commit a42faf59d6d9f82e5293a9ebcc26d9c9e562b12b ("Fix BZ #16634.")
    attempted to fix a TLS modid consistency issue by adding additional
    checks to the open_verify function.  However, this is fragile
    because open_verify cannot reliably predict whether
    _dl_map_object_from_fd will later fail in the more complex cases
    (such as memory allocation failures).  Therefore, this commit
    assigns the TLS modid as late as possible.  At that point, the link
    map pointer will eventually be passed to _dl_close, which will undo
    the TLS modid assignment.
    
    Reviewed-by: Gabriel F. T. Gomes <gabrielftg.com>

And:

commit 7d3db434f910c23591f748a6d0ac3548af1048bb
Author: Florian Weimer <fweimer>
Date:   Thu Oct 17 08:51:21 2019 +0200

    Rename and split elf/tst-dlopen-aout collection of tests
    
    From the beginning, elf/tst-dlopen-aout has exercised two different
    bugs: (a) failure to report errors for a dlopen of the executable
    itself in some cases (bug 24900) and (b) incorrect rollback of the
    TLS modid allocation in case of a dlopen failure (bug 16634).
    
    This commit replaces the test with elf/tst-dlopen-self for (a) and
    elf/tst-dlopen-tlsmodid for (b).  The latter tests use the
    elf/tst-dlopen-self binaries (or iconv) with dlopen, so they are
    no longer self-dlopen tests.
    
    Tested on x86_64-linux-gnu and i686-linux-gnu, with a toolchain that
    does not default to PIE.

The test has a bit of a checkered history; we need to disentangle this and perhaps backport more changes.