use-of-uninitialized-value with queries using quantile and enabled optimize_syntax_fuse_functions #43184

Closed
antonio2368 opened this issue Nov 11, 2022 · 1 comment · Fixed by #46848

@antonio2368
Member

Describe the bug
https://s3.amazonaws.com/clickhouse-test-reports/43087/94aab4276c72dd62fa1b99d80bacdbfa6fe85f37/fuzzer_astfuzzermsan//report.html

MSan triggers on queries with multiple quantile calls while optimize_syntax_fuse_functions and Date, DateTime, or DateTime64 are used.

How to reproduce

SET optimize_syntax_fuse_functions=1;
CREATE TABLE datetime (`d` DateTime('UTC')) ENGINE = Memory;
SELECT quantile(0.1)(d), quantile(0.5)(d) FROM datetime;

Error message and/or stacktrace

SUMMARY: MemorySanitizer: use-of-uninitialized-value build_docker/../contrib/poco/Net/src/SocketImpl.cpp:322:8 in Poco::Net::SocketImpl::sendBytes(void const*, int, int)
Exiting
Uninitialized bytes in __interceptor_send at offset 88 inside [0x7fef55e72000, 6256)
==146==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x53ca2b51 in Poco::Net::SocketImpl::sendBytes(void const*, int, int) build_docker/../contrib/poco/Net/src/SocketImpl.cpp:322:8
    #1 0x53cb8fc7 in Poco::Net::StreamSocketImpl::sendBytes(void const*, int, int) build_docker/../contrib/poco/Net/src/StreamSocketImpl.cpp:63:23
    #2 0x424b446e in DB::WriteBufferFromPocoSocket::nextImpl() build_docker/../src/IO/WriteBufferFromPocoSocket.cpp:63:34
    #3 0x47f7d1b1 in DB::WriteBuffer::next() build_docker/../src/IO/WriteBuffer.h:49:13
    #4 0x47f7d1b1 in DB::TCPHandler::sendLogData(DB::Block const&) build_docker/../src/Server/TCPHandler.cpp:1815:10
    #5 0x47f5bd37 in DB::TCPHandler::sendLogs() build_docker/../src/Server/TCPHandler.cpp:1893:9
    #6 0x47f805b2 in DB::TCPHandler::runImpl()::$_2::operator()() const build_docker/../src/Server/TCPHandler.cpp:290:21
    #7 0x47f805b2 in decltype(std::declval<DB::TCPHandler::runImpl()::$_2&>()()) std::__1::__invoke[abi:v15003]<DB::TCPHandler::runImpl()::$_2&>(DB::TCPHandler::runImpl()::$_2&) build_docker/../contrib/libcxx/include/__functional/invoke.h:394:23
    #8 0x47f805b2 in void std::__1::__invoke_void_return_wrapper<void, true>::__call<DB::TCPHandler::runImpl()::$_2&>(DB::TCPHandler::runImpl()::$_2&) build_docker/../contrib/libcxx/include/__functional/invoke.h:479:9
    #9 0x47f805b2 in std::__1::__function::__default_alloc_func<DB::TCPHandler::runImpl()::$_2, void ()>::operator()[abi:v15003]() build_docker/../contrib/libcxx/include/__functional/function.h:235:12
    #10 0x47f805b2 in void std::__1::__function::__policy_invoker<void ()>::__call_impl<std::__1::__function::__default_alloc_func<DB::TCPHandler::runImpl()::$_2, void ()>>(std::__1::__function::__policy_storage const*) build_docker/../contrib/libcxx/include/__functional/function.h:716:16
    #11 0x27b2d148 in std::__1::__function::__policy_func<void ()>::operator()[abi:v15003]() const build_docker/../contrib/libcxx/include/__functional/function.h:848:16
    #12 0x27b2d148 in std::__1::function<void ()>::operator()() const build_docker/../contrib/libcxx/include/__functional/function.h:1197:12
    #13 0x27b2d148 in DB::ThreadStatus::onFatalError() build_docker/../src/Common/ThreadStatus.cpp:243:9
    #14 0x283847db in SignalListener::onFault(int, siginfo_t const&, ucontext_t*, StackTrace const&, unsigned int, DB::ThreadStatus*) const build_docker/../src/Daemon/BaseDaemon.cpp:392:25
    #15 0x2837d4af in SignalListener::run()::'lambda'()::operator()() const build_docker/../src/Daemon/BaseDaemon.cpp:256:41
    #16 0x2837d4af in decltype(std::declval<SignalListener::run()::'lambda'()>()()) std::__1::__invoke[abi:v15003]<SignalListener::run()::'lambda'()>(SignalListener::run()::'lambda'()&&) build_docker/../contrib/libcxx/include/__functional/invoke.h:394:23
    #17 0x2837d4af in void std::__1::__thread_execute[abi:v15003]<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, SignalListener::run()::'lambda'()>(std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, SignalListener::run()::'lambda'()>&, std::__1::__tuple_indices<>) build_docker/../contrib/libcxx/include/thread:284:5
    #18 0x2837d4af in void* std::__1::__thread_proxy[abi:v15003]<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, SignalListener::run()::'lambda'()>>(void*) build_docker/../contrib/libcxx/include/thread:295:5
    #19 0x7ff13b44c608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477:8
    #20 0x7ff13b371132 in __clone /build/glibc-SzIz7B/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

I went step by step through the code a bunch of times, and all elements accessed by arrayElement are correctly set to 0, which is also clear from the returned results.

I can continue debugging it, but leaving the report just in case someone has an idea.

@antonio2368 antonio2368 added the testing Special issue with list of bugs found by CI label Nov 11, 2022
@alexey-milovidov
Member

Does not reproduce anymore.
