executor: fix case-insensitive grant and revoke on schema names

[expxiaoli]

What problem does this PR solve?

Issue Number: close #68406, ref #66867

Problem Summary:

When new_collation_enabled = false, mixed-case schema names in privilege statements can behave inconsistently.

For table-scope and column-scope privilege operations, statements like GRANT ... ON TEST.t1 and GRANT ... ON test.t1 may not target the same privilege row in mysql.tables_priv / mysql.columns_priv. This can cause:

• GRANT to fail with get table privilege fail / get column privilege fail
• duplicate or split privilege rows for the same logical object
• REVOKE to miss the existing grant

In addition, the existing WithNewCollationDisabled unit tests only toggled the in-process collation flag, but did not actually bootstrap the test cluster with new_collation_enabled = false, so the test premise was misleading and missed the real schema-name case.

What changed and how does it work?

• Add shared schema canonicalization for privilege object resolution:

  • Introduce getTargetSchemaName() to resolve the canonical schema name from infoschema when the schema exists.
  • Update getTargetSchemaAndTable() to canonicalize the schema name before resolving the table.

• Use canonical schema/table names consistently in privilege DDL paths:

  • table-scope GRANT
  • column-scope GRANT
  • table-scope REVOKE
  • column-scope REVOKE
  • DB-scope GRANT/REVOKE

• Preserve existing compatibility for non-existent objects:

  • if the target schema/table does not exist, keep the original input name instead of forcing canonicalization.

• Fix the test setup for new_collation_enabled = false:

  • bootstrap the mock store with NewCollationsEnabledOnFirstBootstrap = false
  • verify the persisted mysql.tidb.new_collation_enabled value is False

• Add/extend regression tests for mixed-case schema names under disabled new collation:

  • TestGrantTableScopeCaseInsensitiveWithNewCollationDisabled
  • TestRevokeTableScopeCaseInsensitiveWithNewCollationDisabled
  • TestGrantColumnScope
  • TestRevokeColumnScope
  • keep DB-scope case-insensitive tests under the corrected bootstrap premise

Check List

Tests

• Unit test
• Integration test
• Manual test (add detailed scripts or steps below)
• No need to test

Test commands:

log_level=error GOSUMDB=sum.golang.org GOPATH=/Users/xiaoli/go GOCACHE=/private/tmp/tidb-go-build ./tools/check/failpoint-go-test.sh pkg/executor -run '^(TestGrantGlobal|TestGrantDBScope|TestGrantDBScopeCaseInsensitiveWithNewCollationDisabled|TestGrantTableScope|TestGrantTableScopeCaseInsensitiveWithNewCollationDisabled|TestGrantColumnScope|TestRevokeGlobal|TestRevokeDBScope|TestRevokeDBScopeCaseInsensitiveWithNewCollationDisabled|TestRevokeTableScope|TestRevokeTableScopeCaseInsensitiveWithNewCollationDisabled|TestRevokeColumnScope)$' -count=1

GOSUMDB=sum.golang.org make server

cd tests/integrationtest
./run-tests.sh -b n -d n -s ../../bin/tidb-server -t executor/grant
./run-tests.sh -b n -d n -s ../../bin/tidb-server -t executor/revoke

cd ../..
GOSUMDB=sum.golang.org GOPATH=/Users/xiaoli/go make lint

Side effects

• Performance regression: Consumes more CPU
• Performance regression: Consumes more Memory
• Breaking backward compatibility

Documentation

• Affects user behaviors
• Contains syntax changes
• Contains variable changes
• Contains experimental features
• Changes MySQL compatibility

Release note

Fix case-insensitive GRANT/REVOKE on schema names so mixed-case identifiers map to the same privilege row when `new_collation_enabled` is disabled.

Summary by CodeRabbit

• Bug Fixes

  • Improved GRANT/REVOKE handling of database/schema name normalization in case-insensitive scenarios.
  • Table- and column-level privilege operations now resolve and record the effective target names; table-scope grants tolerate missing tables where appropriate.
  • Error messages for privilege operations more accurately reflect the originally requested names when targets are absent.
  • SHOW GRANTS and mysql.* privilege tables now reflect normalized resolution and mixed-case inputs.

• Tests

  • Centralized bootstrap for tests with new collations disabled and refactored privilege tests into clearer subtests.

[pantheon-ai]

@expxiaoli I've received your pull request and will start the review. I'll conduct a thorough review covering code quality, potential issues, and implementation details.

⏳ This process typically takes 10-30 minutes depending on the complexity of the changes.

_{ℹ️ Learn more details on Pantheon AI.}

[tiprow]

Hi @expxiaoli. Thanks for your PR.

PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test all.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: e9a97fdf-12f8-4a5d-b1f7-3ef1a00bf206

📥 Commits

Reviewing files that changed from the base of the PR and between 29c2715 and a5b7e43.

📒 Files selected for processing (1)

• pkg/executor/grant.go

🚧 Files skipped from review as they are similar to previous changes (1)

• pkg/executor/grant.go

---

📝 Walkthrough

Walkthrough

GRANT and REVOKE now normalize database and table names via infoschema metadata to resolve case-insensitive references consistently when new_collation_enabled=false. New helper getTargetSchemaName and updated getTargetSchemaAndTable apply normalization to DB- and table-level privilege updates. Tests centralize the collation-disabled bootstrap and validate mixed-case DB/table/column privilege behavior.

Changes

Schema-name normalization for GRANT/REVOKE with case-insensitive collation

Layer / File(s)	Summary
Schema and table name normalization helpers pkg/executor/grant.go	New getTargetSchemaName resolves database names to their infoschema-normalized form (or returns the input if the schema doesn't exist). getTargetSchemaAndTable now initializes infoschema from domain when nil and normalizes dbName before table lookup.
DB-level grant and revoke privilege normalization pkg/executor/grant.go, pkg/executor/revoke.go	GRANT DB-scope (in Next and grantDBLevel) and REVOKE DB-scope (revokeDBPriv) normalize the target database name via getTargetSchemaName before updating mysql.*priv rows.
Table-level grant and revoke privilege normalization pkg/executor/grant.go, pkg/executor/revoke.go	grantTableLevel now accepts ctx, resolves normalized (db, tbl) via getTargetSchemaAndTable, tolerates TableNotExists for certain grants, and uses metadata-derived table names in privilege UPDATEs. revokeOneUser now resolves targets via getTargetSchemaAndTable, preserves originally requested names in error messages, and uses metadata table names when checking/deleting grants; grantLevelPriv callsite updated to pass ctx.
Test infrastructure and comprehensive case-sensitivity validation pkg/executor/grant_test.go, pkg/executor/revoke_test.go	Adds newCollationDisabledBootstrapTestKit to centralize disabling new collations for bootstrap and refactors grant/revoke tests into subtests that each use the helper, covering table-name, schema-name, column, and missing-table fallback scenarios.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• pingcap/tidb#67487: Related changes canonicalizing DB/table names for GRANT/REVOKE to target the same mysql.tables_priv rows.
• pingcap/tidb#66534: Overlapping edits to getTargetSchemaAndTable and column-privilege grant logic.

Suggested labels

size/L, lgtm

Suggested reviewers

• tiancaiamao
• fzzf678

Poem

🐰 I hopped through schemas, names once split in two,
Now infoschema whispers which casing is true.
Grants and revokes chase the same, neat track,
Tests boot collations off — no surprises come back.
🥕✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title is fully related to the main change: fixing case-insensitive grant and revoke on schema names when new_collation_enabled is disabled.
Description check	✅ Passed	The PR description is comprehensive and follows the template structure with all required sections: problem summary, changes made, unit/integration tests checked, release note included, and linked issues referenced.
Linked Issues check	✅ Passed	The code changes directly address issue #68406 by introducing schema canonicalization (getTargetSchemaName, getTargetSchemaAndTable), applying it to grant/revoke paths, and fixing test bootstrap for new_collation_enabled=false; tests validate the fixes work correctly.
Out of Scope Changes check	✅ Passed	All changes are within scope: grant.go and revoke.go implement schema canonicalization logic and grant/revoke paths; test files add or refactor tests covering the canonicalization and new_collation_enabled=false scenarios; no unrelated changes detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (3)

pkg/executor/revoke_test.go (1)

138-166: ⚡ Quick win

Cover the revoke-on-missing-table compatibility branch too.

revokeOneUser now intentionally tolerates infoschema.ErrTableNotExists before checking the privilege row, but these subtests only revoke against existing tables. Please add one case where the privilege row exists and the metadata lookup fails, so this fallback path is covered as well.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/executor/revoke_test.go` around lines 138 - 166, Add a subcase to
TestRevokeTableScopeCaseInsensitiveWithNewCollationDisabled that exercises the
branch in revokeOneUser which tolerates infoschema.ErrTableNotExists: using
newCollationDisabledBootstrapTestKit(), create user and table, GRANT SELECT to
create the mysql.tables_priv row, DROP the underlying table to force the
metadata lookup to fail with ErrTableNotExists, then run the REVOKE (using the
same mixed-case target used elsewhere) and assert the mysql.tables_priv entry is
removed; reference the test function name and revokeOneUser when locating where
to add this flow.

pkg/executor/grant.go (1)

571-577: ⚡ Quick win

Document why ErrTableNotExists is intentionally tolerated here.

This branch is carrying a SQL-compatibility rule, not generic best-effort error handling. A brief comment would make it much clearer that continuing here is only valid because the earlier validation already decided GRANT-on-missing-table is allowed.

Proposed clarification

 	dbName, tbl, err := getTargetSchemaAndTable(ctx, e.Ctx(), e.Level.DBName, e.Level.TableName, e.is)
-	if err != nil && !terror.ErrorEqual(err, infoschema.ErrTableNotExists) {
+	// Keep going for the CREATE-on-missing-table compatibility path. The
+	// caller has already validated whether GRANT is allowed when the target
+	// table does not exist.
+	if err != nil && !terror.ErrorEqual(err, infoschema.ErrTableNotExists) {
 		return err
 	}

As per coding guidelines, "Comments SHOULD explain non-obvious intent, constraints, invariants, concurrency guarantees, SQL/compatibility contracts, or important performance trade-offs, and SHOULD NOT restate what the code already makes clear."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/executor/grant.go` around lines 571 - 577, Add a brief explanatory
comment above the error check around err and infoschema.ErrTableNotExists in the
GRANT execution path (the block that sets tblName using e.Level.TableName and
tbl.Meta().Name.O) stating that ErrTableNotExists is intentionally tolerated due
to SQL-compatibility: earlier validation allows GRANT on a missing table so we
must continue rather than treat this as a hard failure; mention the invariant
that prior validation already decided GRANT-on-missing-table is allowed and
therefore skipping the error here preserves that SQL compatibility contract.

pkg/executor/grant_test.go (1)

192-230: ⚡ Quick win

Add a regression for the missing-table fallback path.

These subtests only cover existing tables, but grantTableLevel now has a new compatibility branch that keeps going after infoschema.ErrTableNotExists. A small case like GRANT CREATE ON TEST.missing_tbl ... would exercise that branch directly and protect the row-key behavior this PR is trying to preserve.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/executor/grant_test.go` around lines 192 - 230, Add a subtest inside
TestGrantTableScopeCaseInsensitiveWithNewCollationDisabled that exercises the
missing-table fallback in grantTableLevel: using
newCollationDisabledBootstrapTestKit create a user (e.g.,
'testTblCaseMissing'@'%'), ensure the target table does NOT exist (DROP TABLE IF
EXISTS test.missing_tbl), run GRANT CREATE ON TEST.missing_tbl TO
'testTblCaseMissing'@'%', then query mysql.tables_priv (and optionally SHOW
GRANTS FOR the user) to assert the expected grant row exists; this will force
the grantTableLevel branch that catches infoschema.ErrTableNotExists and
validate the row-key behavior.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@pkg/executor/grant_test.go`:
- Around line 192-230: Add a subtest inside
TestGrantTableScopeCaseInsensitiveWithNewCollationDisabled that exercises the
missing-table fallback in grantTableLevel: using
newCollationDisabledBootstrapTestKit create a user (e.g.,
'testTblCaseMissing'@'%'), ensure the target table does NOT exist (DROP TABLE IF
EXISTS test.missing_tbl), run GRANT CREATE ON TEST.missing_tbl TO
'testTblCaseMissing'@'%', then query mysql.tables_priv (and optionally SHOW
GRANTS FOR the user) to assert the expected grant row exists; this will force
the grantTableLevel branch that catches infoschema.ErrTableNotExists and
validate the row-key behavior.

In `@pkg/executor/grant.go`:
- Around line 571-577: Add a brief explanatory comment above the error check
around err and infoschema.ErrTableNotExists in the GRANT execution path (the
block that sets tblName using e.Level.TableName and tbl.Meta().Name.O) stating
that ErrTableNotExists is intentionally tolerated due to SQL-compatibility:
earlier validation allows GRANT on a missing table so we must continue rather
than treat this as a hard failure; mention the invariant that prior validation
already decided GRANT-on-missing-table is allowed and therefore skipping the
error here preserves that SQL compatibility contract.

In `@pkg/executor/revoke_test.go`:
- Around line 138-166: Add a subcase to
TestRevokeTableScopeCaseInsensitiveWithNewCollationDisabled that exercises the
branch in revokeOneUser which tolerates infoschema.ErrTableNotExists: using
newCollationDisabledBootstrapTestKit(), create user and table, GRANT SELECT to
create the mysql.tables_priv row, DROP the underlying table to force the
metadata lookup to fail with ErrTableNotExists, then run the REVOKE (using the
same mixed-case target used elsewhere) and assert the mysql.tables_priv entry is
removed; reference the test function name and revokeOneUser when locating where
to add this flow.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: e1020706-3eb2-4eb1-b2e2-5f6e7795401d

📥 Commits

Reviewing files that changed from the base of the PR and between 70ff16c and 5132d6b.

📒 Files selected for processing (4)

• pkg/executor/grant.go
• pkg/executor/grant_test.go
• pkg/executor/revoke.go
• pkg/executor/revoke_test.go

[codecov]

Codecov Report

❌ Patch coverage is 69.04762% with 13 lines in your changes missing coverage. Please review.
✅ Project coverage is 77.0246%. Comparing base (e5ca0bb) to head (a5b7e43).
⚠️ Report is 22 commits behind head on master.

Additional details and impacted files

@@               Coverage Diff                @@
##             master     #68456        +/-   ##
================================================
- Coverage   77.2799%   77.0246%   -0.2554%     
================================================
  Files          2010       2036        +26     
  Lines        555615     572939     +17324     
================================================
+ Hits         429379     441304     +11925     
- Misses       125316     129046      +3730     
- Partials        920       2589      +1669     

Flag	Coverage Δ
integration	46.5000% <69.0476%> (+6.7060%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
dumpling	60.4888% <ø> (ø)
parser	∅ <ø> (∅)
br	65.6783% <ø> (+2.6704%)	⬆️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[expxiaoli]

🧹 Nitpick comments (3)

pkg/executor/revoke_test.go (1)> 138-166: ⚡ Quick win

Cover the revoke-on-missing-table compatibility branch too.
revokeOneUser now intentionally tolerates infoschema.ErrTableNotExists before checking the privilege row, but these subtests only revoke against existing tables. Please add one case where the privilege row exists and the metadata lookup fails, so this fallback path is covered as well.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/executor/revoke_test.go` around lines 138 - 166, Add a subcase to
TestRevokeTableScopeCaseInsensitiveWithNewCollationDisabled that exercises the
branch in revokeOneUser which tolerates infoschema.ErrTableNotExists: using
newCollationDisabledBootstrapTestKit(), create user and table, GRANT SELECT to
create the mysql.tables_priv row, DROP the underlying table to force the
metadata lookup to fail with ErrTableNotExists, then run the REVOKE (using the
same mixed-case target used elsewhere) and assert the mysql.tables_priv entry is
removed; reference the test function name and revokeOneUser when locating where
to add this flow.

pkg/executor/grant.go (1)> 571-577: ⚡ Quick win

Document why ErrTableNotExists is intentionally tolerated here.
This branch is carrying a SQL-compatibility rule, not generic best-effort error handling. A brief comment would make it much clearer that continuing here is only valid because the earlier validation already decided GRANT-on-missing-table is allowed.

Proposed clarification

 	dbName, tbl, err := getTargetSchemaAndTable(ctx, e.Ctx(), e.Level.DBName, e.Level.TableName, e.is)
-	if err != nil && !terror.ErrorEqual(err, infoschema.ErrTableNotExists) {
+	// Keep going for the CREATE-on-missing-table compatibility path. The
+	// caller has already validated whether GRANT is allowed when the target
+	// table does not exist.
+	if err != nil && !terror.ErrorEqual(err, infoschema.ErrTableNotExists) {
 		return err
 	}

As per coding guidelines, "Comments SHOULD explain non-obvious intent, constraints, invariants, concurrency guarantees, SQL/compatibility contracts, or important performance trade-offs, and SHOULD NOT restate what the code already makes clear."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/executor/grant.go` around lines 571 - 577, Add a brief explanatory
comment above the error check around err and infoschema.ErrTableNotExists in the
GRANT execution path (the block that sets tblName using e.Level.TableName and
tbl.Meta().Name.O) stating that ErrTableNotExists is intentionally tolerated due
to SQL-compatibility: earlier validation allows GRANT on a missing table so we
must continue rather than treat this as a hard failure; mention the invariant
that prior validation already decided GRANT-on-missing-table is allowed and
therefore skipping the error here preserves that SQL compatibility contract.

pkg/executor/grant_test.go (1)> 192-230: ⚡ Quick win

Add a regression for the missing-table fallback path.
These subtests only cover existing tables, but grantTableLevel now has a new compatibility branch that keeps going after infoschema.ErrTableNotExists. A small case like GRANT CREATE ON TEST.missing_tbl ... would exercise that branch directly and protect the row-key behavior this PR is trying to preserve.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/executor/grant_test.go` around lines 192 - 230, Add a subtest inside
TestGrantTableScopeCaseInsensitiveWithNewCollationDisabled that exercises the
missing-table fallback in grantTableLevel: using
newCollationDisabledBootstrapTestKit create a user (e.g.,
'testTblCaseMissing'@'%'), ensure the target table does NOT exist (DROP TABLE IF
EXISTS test.missing_tbl), run GRANT CREATE ON TEST.missing_tbl TO
'testTblCaseMissing'@'%', then query mysql.tables_priv (and optionally SHOW
GRANTS FOR the user) to assert the expected grant row exists; this will force
the grantTableLevel branch that catches infoschema.ErrTableNotExists and
validate the row-key behavior.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@pkg/executor/grant_test.go`:
- Around line 192-230: Add a subtest inside
TestGrantTableScopeCaseInsensitiveWithNewCollationDisabled that exercises the
missing-table fallback in grantTableLevel: using
newCollationDisabledBootstrapTestKit create a user (e.g.,
'testTblCaseMissing'@'%'), ensure the target table does NOT exist (DROP TABLE IF
EXISTS test.missing_tbl), run GRANT CREATE ON TEST.missing_tbl TO
'testTblCaseMissing'@'%', then query mysql.tables_priv (and optionally SHOW
GRANTS FOR the user) to assert the expected grant row exists; this will force
the grantTableLevel branch that catches infoschema.ErrTableNotExists and
validate the row-key behavior.

In `@pkg/executor/grant.go`:
- Around line 571-577: Add a brief explanatory comment above the error check
around err and infoschema.ErrTableNotExists in the GRANT execution path (the
block that sets tblName using e.Level.TableName and tbl.Meta().Name.O) stating
that ErrTableNotExists is intentionally tolerated due to SQL-compatibility:
earlier validation allows GRANT on a missing table so we must continue rather
than treat this as a hard failure; mention the invariant that prior validation
already decided GRANT-on-missing-table is allowed and therefore skipping the
error here preserves that SQL compatibility contract.

In `@pkg/executor/revoke_test.go`:
- Around line 138-166: Add a subcase to
TestRevokeTableScopeCaseInsensitiveWithNewCollationDisabled that exercises the
branch in revokeOneUser which tolerates infoschema.ErrTableNotExists: using
newCollationDisabledBootstrapTestKit(), create user and table, GRANT SELECT to
create the mysql.tables_priv row, DROP the underlying table to force the
metadata lookup to fail with ErrTableNotExists, then run the REVOKE (using the
same mixed-case target used elsewhere) and assert the mysql.tables_priv entry is
removed; reference the test function name and revokeOneUser when locating where
to add this flow.

ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: e1020706-3eb2-4eb1-b2e2-5f6e7795401d

📥 Commits
Reviewing files that changed from the base of the PR and between 70ff16c and 5132d6b.

📒 Files selected for processing (4)

Agree. Code is fixed.

[expxiaoli]

/test-required

[expxiaoli]

/check-issue-triage-complete

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fzzf678, tiancaiamao

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [tiancaiamao]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ti-chi-bot]

[LGTM Timeline notifier]

Timeline:

• 2026-05-18 08:56:52.841472878 +0000 UTC m=+168142.345603554: ☑️ agreed by tiancaiamao.
• 2026-05-19 08:09:12.827281163 +0000 UTC m=+251682.331411829: ☑️ agreed by fzzf678.

[expxiaoli]

/test-required

[expxiaoli]

/test-required

[expxiaoli]

/test-required

[ti-chi-bot]

In response to a cherrypick label: new pull request created to branch release-8.5: #68493.
But this PR has conflicts, please resolve them!