Comment 11 for bug 251223

Ben Collins (ben-collins) wrote :

Tough bug to find. This is basically caused by AppArmor's VFS patches, most notably the unambiguous-__d_path.diff patch. In sys_getcwd() it changes the call to __d_path() and has two mistakes:

* First, it passes the actual struct path root, which ends up being changed when we are looking up chroots (and most likely bind/union mounts too). When it calls path_put(root) it's doing so on something other than what we started with, hence improper ref counting.
* Second, it does not pass D_PATH_FAIL_DELETED like it should. So we end up not properly catching failures.

Fixing both of these, will also send upstream.
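
The first mistake described in the comment above, shown as an added user-space model that is not part of the original comment and is not kernel or AppArmor code. All names are hypothetical stand-ins, and the model assumes the walk overwrites the caller's root when it leaves a chroot; the result is one leaked reference on the real root and one reference dropped on an object that was never taken.

```c
#include <stdio.h>

/* User-space model; every name here is a hypothetical stand-in. */
struct obj  { int refs; };
struct path { struct obj *mnt, *dentry; };

static void path_get(struct path *p) { p->mnt->refs++; p->dentry->refs++; }
static void path_put(struct path *p) { p->mnt->refs--; p->dentry->refs--; }

/* Stand-in for a __d_path()-style walk (assumption): when the walk leaves
 * the caller's root (chroot case) it rewrites *root to where it stopped. */
static void model_d_path(struct path *root, struct path *stopped_at)
{
    *root = *stopped_at;
}

/* Buggy caller: hands the walk the very struct it took references on. */
static void getcwd_buggy(struct path *fs_root, struct path *outer)
{
    struct path root = *fs_root;
    path_get(&root);
    model_d_path(&root, outer);
    path_put(&root);            /* drops refs on 'outer', not on fs_root */
}

/* Caller that keeps its own copy intact; the walk only scribbles on tmp. */
static void getcwd_fixed(struct path *fs_root, struct path *outer)
{
    struct path root = *fs_root, tmp;
    path_get(&root);
    tmp = root;
    model_d_path(&tmp, outer);
    path_put(&root);            /* balanced: same objects as path_get() */
}

/* Runs one variant. Returns refcount drift on the chroot's dentry
 * (0 = balanced); stores the drift on the outer dentry in *outer_drift. */
static int run(int fixed, int *outer_drift)
{
    struct obj m1 = {1}, d1 = {1}, m2 = {1}, d2 = {1};
    struct path chroot_root = { &m1, &d1 }, outer = { &m2, &d2 };
    (fixed ? getcwd_fixed : getcwd_buggy)(&chroot_root, &outer);
    *outer_drift = d2.refs - 1;
    return d1.refs - 1;
}

int main(void)
{
    int o, c = run(0, &o);
    printf("buggy: chroot %+d, outer %+d\n", c, o);
    c = run(1, &o);
    printf("fixed: chroot %+d, outer %+d\n", c, o);
    return 0;
}
```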