Join with LowCardinality: downcast of address 0x7f3a18005340 which does not point to an object of type 'const DB::ColumnVector<DB::Int16>'

[Algunenano]

Describe the bug
Found in https://s3.amazonaws.com/clickhouse-test-reports/42284/7b96a7b798813900504e0517cbb7ed5f93f8c3c1/fuzzer_astfuzzerubsan//report.html

Fatal output:

../src/Common/assert_cast.h:50:12: runtime error: downcast of address 0x7f3a18005340 which does not point to an object of type 'const DB::ColumnVector<DB::Int16>'
0x7f3a18005340: note: object is of type 'DB::ColumnLowCardinality'
 00 00 00 00  38 c1 0d 10 00 00 00 00  01 00 00 00 3a 7f 00 00  70 3a 01 18 3a 7f 00 00  00 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'DB::ColumnLowCardinality'
2022.10.14 19:19:21.000201 [ 356 ] {} <Trace> AsynchronousMetrics: MemoryTracking: was 3.58 GiB, peak 18.56 GiB, will set to 3.63 GiB (RSS), difference: 51.68 MiB
2022.10.14 19:19:22.118878 [ 347 ] {} <Trace> SystemLog (system.metric_log): Flushing system log, 8 entries to flush up to offset 1259
2022.10.14 19:19:22.158947 [ 347 ] {} <Trace> system.metric_log (1ff07e3a-2ce5-480b-b6a2-7496e006f163): Trying to reserve 1.00 MiB using storage policy from min volume index 0
2022.10.14 19:19:22.159001 [ 347 ] {} <Trace> DiskLocal: Reserved 1.00 MiB on local disk `default`, having unreserved 83.32 GiB.
2022.10.14 19:19:22.164601 [ 347 ] {} <Trace> MergedBlockOutputStream: filled checksums 202210_167_167_0 (state Temporary)
2022.10.14 19:19:22.165587 [ 347 ] {} <Trace> system.metric_log (1ff07e3a-2ce5-480b-b6a2-7496e006f163): Renaming temporary part tmp_insert_202210_167_167_0 to 202210_167_167_0.
2022.10.14 19:19:22.169729 [ 347 ] {} <Trace> SystemLog (system.metric_log): Flushed system log up to offset 1259
    #0 0x2b7d97d2 in DB::ColumnVector<short> const& assert_cast<DB::ColumnVector<short> const&, DB::IColumn const&>(DB::IColumn const&) build_docker/../src/Common/assert_cast.h:50:12
    #1 0x2b7d97d2 in DB::ColumnVector<short>::insertRangeFrom(DB::IColumn const&, unsigned long, unsigned long) build_docker/../src/Columns/ColumnVector.cpp:460:36
    #2 0x2ade3136 in DB::NotJoinedHash<true>::fillColumnsFromData(std::__1::list<DB::Block, std::__1::allocator<DB::Block>> const&, std::__1::vector<COW<DB::IColumn>::mutable_ptr<DB::IColumn>, std::__1::allocator<COW<DB::IColumn>::mutable_ptr<DB::IColumn>>>&) build_docker/../src/Interpreters/HashJoin.cpp:1820:35
    #3 0x2b060c7b in DB::NotJoinedBlocks::read() build_docker/../src/Interpreters/JoinUtils.cpp:744:37
    #4 0x2ca41eb4 in DB::JoiningTransform::work() build_docker/../src/Processors/Transforms/JoiningTransform.cpp:137:42
    #5 0x2c662773 in DB::executeJob(DB::ExecutingGraph::Node*, DB::ReadProgressCallback*) build_docker/../src/Processors/Executors/ExecutionThreadContext.cpp:47:26
    #6 0x2c662773 in DB::ExecutionThreadContext::executeTask() build_docker/../src/Processors/Executors/ExecutionThreadContext.cpp:92:9
    #7 0x2c6527fa in DB::PipelineExecutor::executeStepImpl(unsigned long, std::__1::atomic<bool>*) build_docker/../src/Processors/Executors/PipelineExecutor.cpp:228:26
    #8 0x2c653cf0 in DB::PipelineExecutor::executeSingleThread(unsigned long) build_docker/../src/Processors/Executors/PipelineExecutor.cpp:194:5
    #9 0x2c653cf0 in DB::PipelineExecutor::spawnThreads()::$_0::operator()() const build_docker/../src/Processors/Executors/PipelineExecutor.cpp:315:17
    #10 0x2c653cf0 in decltype(static_cast<DB::PipelineExecutor::spawnThreads()::$_0&>(fp)()) std::__1::__invoke_constexpr<DB::PipelineExecutor::spawnThreads()::$_0&>(DB::PipelineExecutor::spawnThreads()::$_0&) build_docker/../contrib/libcxx/include/type_traits:3648:23
    #11 0x2c653cf0 in decltype(auto) std::__1::__apply_tuple_impl<DB::PipelineExecutor::spawnThreads()::$_0&, std::__1::tuple<>&>(DB::PipelineExecutor::spawnThreads()::$_0&, std::__1::tuple<>&, std::__1::__tuple_indices<>) build_docker/../contrib/libcxx/include/tuple:1595:1
    #12 0x2c653cf0 in decltype(auto) std::__1::apply<DB::PipelineExecutor::spawnThreads()::$_0&, std::__1::tuple<>&>(DB::PipelineExecutor::spawnThreads()::$_0&, std::__1::tuple<>&) build_docker/../contrib/libcxx/include/tuple:1604:1
    #13 0x2c653cf0 in ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PipelineExecutor::spawnThreads()::$_0>(DB::PipelineExecutor::spawnThreads()::$_0&&)::'lambda'()::operator()() build_docker/../src/Common/ThreadPool.h:193:13
    #14 0x2c653cf0 in decltype(static_cast<DB::PipelineExecutor::spawnThreads()::$_0>(fp)()) std::__1::__invoke<ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PipelineExecutor::spawnThreads()::$_0>(DB::PipelineExecutor::spawnThreads()::$_0&&)::'lambda'()&>(DB::PipelineExecutor::spawnThreads()::$_0&&) build_docker/../contrib/libcxx/include/type_traits:3640:23
    #15 0x2c653cf0 in void std::__1::__invoke_void_return_wrapper<void, true>::__call<ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PipelineExecutor::spawnThreads()::$_0>(DB::PipelineExecutor::spawnThreads()::$_0&&)::'lambda'()&>(ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PipelineExecutor::spawnThreads()::$_0>(DB::PipelineExecutor::spawnThreads()::$_0&&)::'lambda'()&) build_docker/../contrib/libcxx/include/__functional/invoke.h:61:9
    #16 0x2c653cf0 in std::__1::__function::__default_alloc_func<ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PipelineExecutor::spawnThreads()::$_0>(DB::PipelineExecutor::spawnThreads()::$_0&&)::'lambda'(), void ()>::operator()() build_docker/../contrib/libcxx/include/__functional/function.h:230:12
    #17 0x2c653cf0 in void std::__1::__function::__policy_invoker<void ()>::__call_impl<std::__1::__function::__default_alloc_func<ThreadFromGlobalPoolImpl<true>::ThreadFromGlobalPoolImpl<DB::PipelineExecutor::spawnThreads()::$_0>(DB::PipelineExecutor::spawnThreads()::$_0&&)::'lambda'(), void ()>>(std::__1::__function::__policy_storage const*) build_docker/../contrib/libcxx/include/__functional/function.h:711:16
    #18 0x1f9af8f2 in std::__1::__function::__policy_func<void ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:843:16
    #19 0x1f9af8f2 in std::__1::function<void ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:1184:12
    #20 0x1f9af8f2 in ThreadPoolImpl<std::__1::thread>::worker(std::__1::__list_iterator<std::__1::thread, void*>) build_docker/../src/Common/ThreadPool.cpp:294:17
    #21 0x1f9b36c3 in void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()::operator()() const build_docker/../src/Common/ThreadPool.cpp:144:73
    #22 0x1f9b36c3 in decltype(static_cast<void>(fp)()) std::__1::__invoke<void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>(void&&) build_docker/../contrib/libcxx/include/type_traits:3640:23
    #23 0x1f9b36c3 in void std::__1::__thread_execute<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>(std::__1::tuple<void, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>&, std::__1::__tuple_indices<>) build_docker/../contrib/libcxx/include/thread:282:5
    #24 0x1f9b36c3 in void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void ThreadPoolImpl<std::__1::thread>::scheduleImpl<void>(std::__1::function<void ()>, int, std::__1::optional<unsigned long>, bool)::'lambda0'()>>(void*) build_docker/../contrib/libcxx/include/thread:293:5
    #25 0x7f3afe3c4608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477:8
    #26 0x7f3afe2e9132 in __clone /build/glibc-SzIz7B/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/Common/assert_cast.h:50:12 in 
2022.10.14 19:19:22.946480 [ 134 ] {} <Trace> BaseDaemon: Received signal -3
2022.10.14 19:19:22.947083 [ 677 ] {} <Fatal> BaseDaemon: ########################################

Query logs

2022.10.14 19:19:20.958841 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Debug> executeQuery: (from [::ffff:127.0.0.1]:37470) SELECT count() = 1048576 FROM t1__fuzz_13 FULL OUTER JOIN t2__fuzz_47 ON 1 = 2 (stage: Complete)
2022.10.14 19:19:20.959133 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Trace> TableJoin: Adding join condition for right table: 1 = 2 -> NULL
2022.10.14 19:19:20.959242 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Debug> TreeRewriter: Join on constant executed as empty join
2022.10.14 19:19:20.959694 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Trace> ContextAccess (default): Access granted: SELECT(id) ON default.t2__fuzz_47
2022.10.14 19:19:20.959803 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Trace> ContextAccess (default): Access granted: SELECT(id) ON default.t2__fuzz_47
2022.10.14 19:19:20.959859 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Trace> InterpreterSelectQuery: FetchColumns -> Complete
2022.10.14 19:19:20.959911 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Debug> TableJoin: Left JOIN converting actions: empty
2022.10.14 19:19:20.959923 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Debug> TableJoin: Right JOIN converting actions: empty
2022.10.14 19:19:20.959937 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Debug> HashJoin: HashJoin. Datatype: EMPTY, kind: Full, strictness: All
2022.10.14 19:19:20.959955 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Debug> HashJoin: Right sample block: t2__fuzz_47.id LowCardinality(Int16) ColumnLowCardinality(size = 0, UInt8(size = 0), ColumnUnique(size = 1, Int16(size = 1)))
2022.10.14 19:19:20.959973 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Trace> HashJoin: Columns to add: [t2__fuzz_47.id LowCardinality(Int16) ColumnLowCardinality(size = 0, UInt8(size = 0), ColumnUnique(size = 1, Int16(size = 1)))], required right []
2022.10.14 19:19:20.959983 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Trace> HashJoin: Joining on: 
2022.10.14 19:19:20.960064 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Trace> ContextAccess (default): Access granted: SELECT(id) ON default.t1__fuzz_13
2022.10.14 19:19:20.960123 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Trace> InterpreterSelectQuery: FetchColumns -> Complete
2022.10.14 19:19:20.960152 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Debug> JoiningTransform: Before join block: 'id Nullable(Int16) Nullable(size = 0, Int16(size = 0), UInt8(size = 0))'
2022.10.14 19:19:20.960186 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Debug> JoiningTransform: After join block: 'id Nullable(Int16) Nullable(size = 0, Int16(size = 0), UInt8(size = 0)), t2__fuzz_47.id LowCardinality(Int16) ColumnLowCardinality(size = 0, UInt8(size = 0), ColumnUnique(size = 1, Int16(size = 1)))'
2022.10.14 19:19:20.960316 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Debug> default.t1__fuzz_13 (19fedb0f-3cc7-4cf4-818b-0a27e7e66f93) (SelectExecutor): Key condition: unknown
2022.10.14 19:19:20.960350 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Debug> default.t1__fuzz_13 (19fedb0f-3cc7-4cf4-818b-0a27e7e66f93) (SelectExecutor): Selected 1/1 parts by partition key, 1 parts by primary key, 1/1 marks by primary key, 1 marks to read from 1 ranges
2022.10.14 19:19:20.960380 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Trace> MergeTreeInOrderSelectProcessor: Reading 1 ranges in order from part all_1_1_0, approx. 2 rows starting from 0
2022.10.14 19:19:20.960426 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Debug> default.t2__fuzz_47 (106ffaea-12f9-42b6-8fdb-7286a6cfb480) (SelectExecutor): Key condition: unknown
2022.10.14 19:19:20.960450 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Debug> default.t2__fuzz_47 (106ffaea-12f9-42b6-8fdb-7286a6cfb480) (SelectExecutor): Selected 1/1 parts by partition key, 1 parts by primary key, 1/1 marks by primary key, 1 marks to read from 1 ranges
2022.10.14 19:19:20.960480 [ 149 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Trace> MergeTreeInOrderSelectProcessor: Reading 1 ranges in order from part all_1_1_0, approx. 1111 rows starting from 0
2022.10.14 19:19:20.961342 [ 417 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Trace> AggregatingTransform: Aggregating
2022.10.14 19:19:20.961369 [ 417 ] {78ad2bc7-9b28-4f9a-b665-72c19146194c} <Trace> Aggregator: Aggregation method: without_key
2022.10.14 19:19:22.947174 [ 677 ] {} <Fatal> BaseDaemon: (version 22.10.1.1, build id: E0D1DAC7DDCBF454108623593F8DB0F135C82E29) (from thread 417) (query_id: 78ad2bc7-9b28-4f9a-b665-72c19146194c) (query: SELECT count() = 1048576 FROM t1__fuzz_13 FULL OUTER JOIN t2__fuzz_47 ON 1 = 2) Received signal Unknown signal (-3)

How to reproduce

Managed to reproduce it in a ubsan build of master (link to today's build which is using HEAD == 191158f):

CREATE TABLE t1__fuzz_13 (id Nullable(Int16)) ENGINE=MergeTree() ORDER BY id SETTINGS allow_nullable_key=1;

SET allow_suspicious_low_cardinality_types=1;

CREATE TABLE t2__fuzz_47 (id LowCardinality(Int16)) ENGINE=MergeTree() ORDER BY id;

insert into t1__fuzz_13 values (1);

insert into t2__fuzz_47 values (1);

SELECT count() = 1048576 FROM t1__fuzz_13 FULL OUTER JOIN t2__fuzz_47 ON 1 = 2

Assert:

../src/Common/assert_cast.h:50:12: runtime error: downcast of address 0x7f543c004ec0 which does not point to an object of type 'const DB::ColumnVector<DB::Int16>'
0x7f543c004ec0: note: object is of type 'DB::ColumnLowCardinality'
 00 00 00 00  a8 e5 0e 10 00 00 00 00  01 00 00 00 00 00 00 00  e0 23 00 3c 54 7f 00 00  00 6c 6c 5f
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'DB::ColumnLowCardinality'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/Common/assert_cast.h:50:12 in