Description of problem: On occasion SELinux AVC denials are dropped by the audit subsystem during early boot without any warnings about dropped audit records. Additional info: Reported as an issue with Android kernels but it is expected to be a problem with standard kernels as well.
I suspect this may be an issue with using the shared printk_ratelimit() limiter in audit_printk_skb() and audit_log_lost(); we probably should implement an audit specific rate limit to prevent other subsystems from squelching audit messages, especially those in audit_log_lost().
We are now tracking upstream bugs via GitHub: * https://github.com/linux-audit/audit-kernel/issues/17