Index: security/audit/audit.c =================================================================== --- security/audit/audit.c (revision 189569) +++ security/audit/audit.c (working copy) @@ -492,6 +492,8 @@ au_id_t auid; KASSERT(td->td_ar == NULL, ("audit_syscall_enter: td->td_ar != NULL")); + KASSERT((td->td_pflags & TDP_AUDITREC) == 0, + ("audit_syscall_enter: TDP_AUDITREC set")); /* * In FreeBSD, each ABI has its own system call table, and hence @@ -542,9 +544,13 @@ panic("audit_failing_stop: thread continued"); } td->td_ar = audit_new(event, td); - } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0)) + if (td->td_ar != NULL) + td->td_pflags |= TDP_AUDITREC; + } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0)) { td->td_ar = audit_new(event, td); - else + if (td->td_ar != NULL) + td->td_pflags |= TDP_AUDITREC; + } else td->td_ar = NULL; } @@ -572,6 +578,7 @@ audit_commit(td->td_ar, error, retval); td->td_ar = NULL; + td->td_pflags &= ~TDP_AUDITREC; } void @@ -626,6 +633,8 @@ { KASSERT(td->td_ar == NULL, ("audit_thread_free: td_ar != NULL")); + KASSERT((td->td_pflags & TDP_AUDITREC) == 0, + ("audit_thread_free: TDP_AUDITREC set")); } void Index: security/audit/audit.h =================================================================== --- security/audit/audit.h (revision 189569) +++ security/audit/audit.h (working copy) @@ -186,7 +186,7 @@ * audit_enabled flag before performing the actual call. */ #define AUDIT_ARG(op, args...) do { \ - if (td->td_ar != NULL) \ + if (td->td_pflags & TDP_AUDITREC) \ audit_arg_ ## op (args); \ } while (0) 
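Review bot: In the `@@ -542,9 +544,13 @@` hunk of audit.c the pair `if (td->td_ar != NULL)` / `td->td_pflags |= TDP_AUDITREC;` is repeated in both preselection branches, and a third copy follows `audit_new(AUE_NULL, td)` in audit_syscalls.c (`@@ -96,6 +96,7 @@`). AUDIT_ARG and AUDIT_SYSCALL_EXIT now test only the flag, so a site that assigns td_ar without the matching flag update would skip both the argument capture and the call to audit_syscall_exit, and the record would never be committed. Consider a single `if (td->td_ar != NULL) td->td_pflags |= TDP_AUDITREC;` after the if/else chain, or a small static helper that allocates the record and sets the flag together, so the two fields cannot drift apart. The final `else` branch sets td_ar to NULL without touching the flag, so that same spot could also clear it rather than rely on the KASSERT alone. The enclosing function starts outside the hunk, so this assumes nothing between the branches and the end of the chain reads the flag.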
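Review bot: The `td->td_pflags &= ~TDP_AUDITREC;` added in the `@@ -572,6 +578,7 @@` hunk of audit.c is an unlocked read-modify-write on a thread passed in as a parameter, as is the `|=` in the preceding hunk. That is safe only if `td` is always the running thread. TDP_* flags are, as far as I know, meant to be touched only by their owning thread, but nothing in the visible lines enforces it. Consider stating the assumption at the top of the function with `KASSERT(td == curthread, ("audit_syscall_exit: td != curthread"));`. The function body starts outside the hunk.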
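Review bot: The comments above AUDIT_ARG (`@@ -186,7 +186,7 @@`) and AUDIT_SYSCALL_EXIT (`@@ -202,7 +202,7 @@`) in audit.h are left unchanged, while the test they sit over changes from `td->td_ar != NULL` to `td->td_pflags & TDP_AUDITREC`. The macros are now correct only while the flag mirrors the pointer, and that invariant is not written down anywhere in the visible hunks. Add a line to each comment, for example `TDP_AUDITREC is set if and only if td->td_ar is non-NULL; the flag is tested here in place of the pointer.` The new define in sys/proc.h could carry the same wording. Only the tail of each comment is visible in these hunks.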
@@ -202,7 +202,7 @@ * auditing is disabled, so we don't just check audit_enabled here. */ #define AUDIT_SYSCALL_EXIT(error, td) do { \ - if (td->td_ar != NULL) \ + if (td->td_pflags & TDP_AUDITREC) \ audit_syscall_exit(error, td); \ } while (0) Index: security/audit/audit_syscalls.c =================================================================== --- security/audit/audit_syscalls.c (revision 189569) +++ security/audit/audit_syscalls.c (working copy) @@ -96,6 +96,7 @@ td->td_ar = audit_new(AUE_NULL, td); if (td->td_ar == NULL) return (ENOTSUP); + td->td_pflags |= TDP_AUDITREC; ar = td->td_ar; } Index: sys/proc.h =================================================================== --- sys/proc.h (revision 189569) +++ sys/proc.h (working copy) @@ -368,6 +368,7 @@ #define TDP_KTHREAD 0x00200000 /* This is an official kernel thread */ #define TDP_CALLCHAIN 0x00400000 /* Capture thread's callchain */ #define TDP_IGNSUSP 0x00800000 /* Permission to ignore the MNTK_SUSPEND* */ +#define TDP_AUDITREC 0x01000000 /* Audit record pending on thread */ /* * Reasons that the current thread can not be run yet.