
[BUG REPORT] Reachable unwrap() on None in ksys_fchown when called with invalid file descriptor #1735

@nuczyc


Describe the bug

A kernel panic occurs in ksys_fchown (in open.rs) when fchown() is called with an invalid file descriptor. The function fd_table.get_file_by_fd(fd) returns None for invalid fds like -1, and the code immediately calls .unwrap() without proper error handling, causing a panic.

let inode = fd_table.get_file_by_fd(fd).unwrap().inode();

To Reproduce

  1. Compile the program and run.
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <stdio.h>
#include <errno.h>

int main() {
    // Attempt to trigger the potential index out of bounds in sys_fchown.rs
    // The crash occurs at args[0] access in the fd() function
    // This happens when the syscall argument array is empty or too small
    
    // Open a file to get a valid file descriptor
    int fd = open("/tmp/test_file", O_CREAT | O_RDWR, 0644);
    if (fd < 0) {
        // If we can't create a file, try using stdout
        fd = 1; // stdout file descriptor
    }
    
    // Call fchown with valid parameters
    // The kernel should pass these as args[0], args[1], args[2]
    // If the args array is empty or malformed, accessing args[0] will panic
    uid_t uid = 1000;
    gid_t gid = 1000;
    
    printf("Attempting fchown on fd=%d, uid=%d, gid=%d\n", fd, uid, gid);
    
    // This syscall should trigger the path through sys_fchown.rs
    // If the syscall dispatch mechanism passes an empty args array,
    // accessing args[0] will cause a potential_index_out_of_bounds panic
    int result = fchown(fd, uid, gid);
    
    if (result == 0) {
        printf("fchown succeeded\n");
    } else {
        printf("fchown failed with errno=%d\n", errno);
    }
    
    // Try with invalid fd to test error paths
    printf("Attempting fchown with invalid fd=-1\n");
    result = fchown(-1, uid, gid);
    
    if (result == 0) {
        printf("fchown with invalid fd succeeded (unexpected)\n");
    } else {
        printf("fchown with invalid fd failed with errno=%d\n", errno);
    }
    
    return 0;
}

Environment

Logs

root@dragonos:~# /bin/ex1979___home__yuchen__dragon__DragonOS__kernel__s 
Attempting fchown on fd=4, uid=1000, gid=1000
fchown succeeded
Attempting fchown with invalid fd=-1
[ ERROR ] (src/debug/panic/mod.rs:43)    Kernel Panic Occurred. raw_pid: 20
Location:
        File: src/filesystem/vfs/open.rs
        Line: 205, Column: 45
Message:
        called `Option::unwrap()` on a `None` value
Rust Panic Backtrace:
[1] function:_Unwind_Backtrace()        (+) 0051 address:0xffff8000004db083
Current PCB:
        ProcessControlBlock { pid: AtomicRawPid { container: 20 }, tgid: RawPid(20), thread_pid: RwLock { lock: 0, data: UnsafeCell { .. } }, pid_links: [PidLink { pid: RwLock { lock: 0, data: UnsafeCell { .. } } }, PidLink { pid: RwLock}
Unknown signal (core dumped)
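
The pattern the report points at, sketched as an added example (not DragonOS code and not from the reporter): a constructed model of the fd lookup in which the handler turns a failed lookup into `EBADF`, the errno POSIX specifies for `fchown()` on an invalid descriptor, instead of unwrapping. `FdTable`, `File`, `SystemError` and the handler's signature are stand-ins assumed for illustration; only the names `get_file_by_fd` and `ksys_fchown` come from the report.

```rust
// Constructed model: FdTable, File and SystemError are stand-ins, not DragonOS types.
#[derive(Debug, PartialEq)]
pub enum SystemError {
    EBADF, // "bad file descriptor"
}

#[derive(Debug, PartialEq)]
pub struct File {
    pub uid: u32,
    pub gid: u32,
}

pub struct FdTable {
    slots: Vec<Option<File>>, // None marks a closed descriptor
}

impl FdTable {
    pub fn new(slots: Vec<Option<File>>) -> Self {
        FdTable { slots }
    }

    // Same shape as in the report: the lookup yields None for any descriptor
    // that is negative, out of range, or closed.
    pub fn get_file_by_fd(&mut self, fd: i32) -> Option<&mut File> {
        if fd < 0 {
            return None; // reject -1 before it can wrap to a huge index
        }
        self.slots.get_mut(fd as usize)?.as_mut()
    }
}

// Hardened handler: a failed lookup becomes an error for the caller, not a panic.
pub fn ksys_fchown(table: &mut FdTable, fd: i32, uid: u32, gid: u32) -> Result<usize, SystemError> {
    let file = table.get_file_by_fd(fd).ok_or(SystemError::EBADF)?;
    file.uid = uid;
    file.gid = gid;
    Ok(0)
}

fn main() {
    // Constructed table: fd 0 is open, fd 1 is closed.
    let mut table = FdTable::new(vec![Some(File { uid: 0, gid: 0 }), None]);
    for fd in [0, 1, 7, -1] {
        println!("fchown(fd={}) -> {:?}", fd, ksys_fchown(&mut table, fd, 1000, 1000));
    }
}
```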


Labels: bug-report (This is a bug report; if it is confirmed to be a bug, maintainers should add the `bug` label), enhancement (New feature or request)
