BUG #17152: ERROR: AddressSanitizer: SEGV on unknown address

From: PG Bug reporting form <noreply(at)postgresql(dot)org>
To: pgsql-bugs(at)lists(dot)postgresql(dot)org
Cc: 253540651(at)qq(dot)com
Subject: BUG #17152: ERROR: AddressSanitizer: SEGV on unknown address
Date: 2021-08-18 02:56:00
Message-ID: 17152-c7f906cc1a88e61b@postgresql.org
Lists: pgsql-bugs

The following bug has been logged on the website:

Bug reference: 17152
Logged by: Zhiyong Wu
Email address: 253540651(at)qq(dot)com
PostgreSQL version: 14beta2
Operating system: Linux version 5.13.0-1-MANJARO (builduser(at)LEGION)
Description:

PoC:
CREATE TEMP TABLE v0 ( v2 SMALLINT NOT NULL DEFAULT - - 90 , DATA TEXT , v1
REAL CONSTRAINT XMLFOREST NULL ) ;
INSERT INTO v0 VALUES ( - - - - 0 , - - - - -1 ) , ( - - ( ( ( SELECT (
SELECT LEAST ( v1 ) x FROM v0 WHERE - - - 43 >= v1 ) FROM v0 AS v2 ( OVERLAY
, v2 , v1 ) ) ) UNION SELECT - - - 22 ) , - - - - - - 2147483647 ) , ( - - -
-128 , - - - -2147483648 ) , ( - - - - 36 , - - - - - - - -128 ) , ( - - - -
9 , - - - - - -128 ) ON CONFLICT DO NOTHING ;
;
SELECT - - 11 + v2 AS x FROM v0 WHERE v2 = ( SELECT LEAST ( ( ( ( SELECT -
127 FROM ( SELECT 0 FROM ( VALUES ( - 16 ) , ( -2147483648 ) , ( - - - - -1
) ) v2 ( v2 ) GROUP BY ( + - - 72 ) / - - 18 ) AS SMALLINT ) ) UNION SELECT
MODE ( ) WITHIN GROUP ( ORDER BY v2 DESC ) FILTER ( WHERE MODE ( ) WITHIN
GROUP ( ORDER BY v1 = CASE WHEN v1 IS NULL THEN v1 ELSE - - 91 END DESC ) )
NULL ) ) FROM v0 ) ;
COMMIT TRANSACTION ;
DELETE FROM v0 WHERE v2 = - - - - - - 38 ;
;

Asan Report:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==52==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000c6428a bp 0x7ffcd1914310 sp 0x7ffcd1914040 T0)
==52==The signal is caused by a READ memory access.
==52==Hint: address points to the zero page.
    #0 0xc64289 in ExecInterpExpr /home/postgres/postgres/bld/../src/backend/executor/execExprInterp.c:1532:20
    #1 0xce2658 in ExecEvalExprSwitchContext /home/postgres/postgres/bld/../src/include/executor/executor.h:339:13
    #2 0xce2658 in advance_aggregates /home/postgres/postgres/bld/../src/backend/executor/nodeAgg.c:842
    #3 0xce2658 in agg_retrieve_direct /home/postgres/postgres/bld/../src/backend/executor/nodeAgg.c:2450
    #4 0xce2658 in ExecAgg /home/postgres/postgres/bld/../src/backend/executor/nodeAgg.c:2175
    #5 0xd80380 in ExecProcNode /home/postgres/postgres/bld/../src/include/executor/executor.h:257:9
    #6 0xd80380 in ExecSetParamPlan /home/postgres/postgres/bld/../src/backend/executor/nodeSubplan.c:1118
    #7 0xc66f2b in ExecEvalParamExec /home/postgres/postgres/bld/../src/backend/executor/execExprInterp.c:2414:3
    #8 0xc66f2b in ExecInterpExpr /home/postgres/postgres/bld/../src/backend/executor/execExprInterp.c:1062
    #9 0xcb09f2 in ExecEvalExprSwitchContext /home/postgres/postgres/bld/../src/include/executor/executor.h:339:13
    #10 0xcb09f2 in ExecQual /home/postgres/postgres/bld/../src/include/executor/executor.h:408
    #11 0xcb09f2 in ExecScan /home/postgres/postgres/bld/../src/backend/executor/execScan.c:227
    #12 0xc89648 in ExecProcNode /home/postgres/postgres/bld/../src/include/executor/executor.h:257:9
    #13 0xc89648 in ExecutePlan /home/postgres/postgres/bld/../src/backend/executor/execMain.c:1551
    #14 0xc89648 in standard_ExecutorRun /home/postgres/postgres/bld/../src/backend/executor/execMain.c:361
    #15 0xc89061 in ExecutorRun /home/postgres/postgres/bld/../src/backend/executor/execMain.c:305:3
    #16 0x13ca6af in PortalRunSelect /home/postgres/postgres/bld/../src/backend/tcop/pquery.c:919:4
    #17 0x13c974d in PortalRun /home/postgres/postgres/bld/../src/backend/tcop/pquery.c:763:18
    #18 0x13c52d5 in exec_simple_query /home/postgres/postgres/bld/../src/backend/tcop/postgres.c:1214:10
    #19 0x13be613 in PostgresMain /home/postgres/postgres/bld/../src/backend/tcop/postgres.c
    #20 0xe073fd in main /home/postgres/postgres/bld/../src/backend/main/main.c:205:3
    #21 0x7f61369f6bf6 in __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
    #22 0x499889 in _start (/usr/local/pgsql/bin/postgres+0x499889)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/postgres/postgres/bld/../src/backend/executor/execExprInterp.c:1532:20 in ExecInterpExpr
==52==ABORTING
