Panic happens when TiDB starts with 'skip-grant-table'

[bb7133]

Bug Report

1. Minimal reproduce step (Required)

Start a TiDB server with 'skip-grant-table' mode enabled:

(only the root user of the operating system can start the TiDB process with this mode)
sudo $RUN_TIDB
...

Try to connect to TiDB:

$ mysql -u ... 

2. What did you expect to see? (Required)

Everything is OK.

3. What did you see instead (Required)

A panic is noticed:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x261b08a]

goroutine 757 [running]:
github.com/pingcap/tidb/privilege/privileges.(*Handle).Get(...)
	/home/bb7133/Projects/gopath/src/github.com/pingcap/tidb/privilege/privileges/cache.go:1485
github.com/pingcap/tidb/privilege/privileges.(*UserPrivileges).GetAuthPlugin(0xc010b16900, 0xc010b3c004, 0x4, 0x0, 0x0, 0x1, 0x3855880, 0x4065c00000000001, 0xc010b2e0a0)
	/home/bb7133/Projects/gopath/src/github.com/pingcap/tidb/privilege/privileges/privileges.go:224 +0x2a
github.com/pingcap/tidb/session.(*session).AuthPluginForUser(0xc010337000, 0xc010b2e0a0, 0x0, 0x200, 0xae, 0xc0006b7380)
	/home/bb7133/Projects/gopath/src/github.com/pingcap/tidb/session/session.go:2302 +0xb8
github.com/pingcap/tidb/server.(*clientConn).checkAuthPlugin(0xc010b22000, 0x3fa0270, 0xc010b16090, 0xc0006b7878, 0xae, 0xae, 0x3c, 0x0, 0x0)
	/home/bb7133/Projects/gopath/src/github.com/pingcap/tidb/server/conn.go:810 +0xab
github.com/pingcap/tidb/server.(*clientConn).readOptionalSSLRequestAndHandshakeResponse(0xc010b22000, 0x3fa0270, 0xc010b16090, 0x0, 0x0)
	/home/bb7133/Projects/gopath/src/github.com/pingcap/tidb/server/conn.go:682 +0x289
github.com/pingcap/tidb/server.(*clientConn).handshake(0xc010b22000, 0x3fa0270, 0xc010b16090, 0x3fa0270, 0xc010b16090)
	/home/bb7133/Projects/gopath/src/github.com/pingcap/tidb/server/conn.go:254 +0x41a
github.com/pingcap/tidb/server.(*Server).onConn(0xc0009e3ee0, 0xc010b22000)
	/home/bb7133/Projects/gopath/src/github.com/pingcap/tidb/server/server.go:453 +0xa9
created by github.com/pingcap/tidb/server.(*Server).startNetworkListener
	/home/bb7133/Projects/gopath/src/github.com/pingcap/tidb/server/server.go:404 +0x8fc

4. What is your TiDB version? (Required)

Release Version: v5.2.0-alpha-582-g3d88be834
Edition: Community
Git Commit Hash: 3d88be8344c3dbc6a344efbc69bee3d2297339cb
Git Branch: release-5.2
UTC Build Time: 2021-08-

5. Comments

When skip-grant-table is enabled, the load of privilege is skipped:

tidb/session/session.go

Lines 2600 to 2609 in 4be6821

	if !config.GetGlobalConfig().Security.SkipGrantTable {
	se4, err := createSession(store)
	if err != nil {
	return nil, err
	}
	err = dom.LoadPrivilegeLoop(se4)
	if err != nil {
	return nil, err
	}
	}

So p.Handle is nil, and TiDB will panic here:

tidb/privilege/privileges/privileges.go

Line 224 in 723e2bc

mysqlPriv := p.Handle.Get()

A simple check like this can be used to solve this issue.

(BTW I think it's a bad idea to leave p.Handle == nil for skip-grant-table）

[dveeden]

/assign @dveeden

[ti-srebot]

Please edit this comment or add a new comment to complete the following information

Not a bug

1. Remove the 'type/bug' label
2. Add notes to indicate why it is not a bug

Duplicate bug

1. Add the 'type/duplicate' label
2. Add the link to the original bug

Bug

Note: Make Sure that 'component', and 'severity' labels are added
Example for how to fill out the template: #20100

1. Root Cause Analysis (RCA) (optional)

2. Symptom (optional)

3. All Trigger Conditions (optional)

4. Workaround (optional)

5. Affected versions

6. Fixed versions