When I add "- -a never,exit -F exe=/usr/bin/osqueryd -S all" in goaudit.yaml and start process

Does your osquery have events enabled?

Yes I have set "disable_events": "false" flag in osquery

In docs there is a line saying "Auditd should not be running when using osquery's process auditing, as it will conflict with osqueryd over access to the audit netlink socket." I feel like goaudit is actually doing the same here, that may be the reason it failes.