Description:
MySQL segfaulted during tmp table operations. stack trace:
============
ha_myisam:write_row
handler:ha_write_row
end_unique_update
evaluate_join_record
sub_select:JOIN:st_join_tableb
JOIN:exec
....
============

Further debugging confirmed that in end_unique_update, join_tab->tmp_table_param->skip_create_table = true, which caused table->file->table not being initialized, hence segfaulted in ha_myisam::write_row when trying to dereference the member table pointer. The queries that triggered this segfault are all complicated information_schema queries.

How to repeat:
This crashes in our production several times a day. The queries are information_schema queries with a lot of aggregation, but the same query doesn't fail all the time. We still can't reliably reproduce this.

Suggested fix:
It seems that in 5.6.6 there's modification in JOIN::create_intermediate_table which set tab->tmp_table_param->skip_create_table = true. I'm not sure whether this is related. But it's the recent change I found that could possibly cause this segfault.

Thank you for the bug report. The current release of 5.6 is 5.6.16 version if you
are using a prior release please check if the issue exists with 5.6.16, if yes
please re-open this bug report when you are able to provide a repeatable test case.
Thanks.

No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

We've already looked into this and the problem is in put_record the function didn't check the return value for prepare_tmp_table.

Closing this bug now.
Issue  should be resolved in 5.6.23, 5.7.6 and newer versions
Bug 18948649 - OUT OF FILE DESCRIPTORS - VARIOUS CRASHES WHEN TMP TABLES FAIL