I found an assertion failure while SQLite (latest, bcd51abee0b0f82b) executes the following queries.

CREATE TABLE v0 (c0, c2 AS(c0));
CREATE INDEX i ON v0 (c2, c0);
SELECT 1 FROM v0 AS a0 WHERE (SELECT count(+a0.c0 IN (SELECT a5.c2)) FROM v0 a5 GROUP BY a5.c2) GROUP BY a0.c2;

Here are the outputs:

sqlite3: sqlite3.c:164090: sqlite3WhereEnd: Assertion `(pLoop->wsFlags & WHERE_IDX_ONLY)==0 || cursorIsOpen(v,pOp->p1,k) || pOp->opcode==OP_Offset' failed.
[1]    2121030 abort      ./sqlite3 < poc

We discussed this problem (forum posts 38dceb5cb8), here is the patch c8bedef0d61731c2. It seems the patch is incomplete and there is another case that can trigger this assertion failure.

Here is the result of bisecting:

 12 BAD     2022-12-21 14:13:49 40549bacb3923e43 CURRENT
  7 GOOD    2022-12-21 12:18:06 4dc438a951bdbe27

The assertion failure may be caused by the optimizations. SQLite crashes by default with all optimizations enabled. If I disable the SQLITE_IndexedExpr optimization, SQLite works well.

.testctrl optimizations 0x01000000;

My compilation flags:

    export CFLAGS="-g -O0 -DSQLITE_DEBUG 
                -DSQLITE_ENABLE_TREETRACE 
                -DSQLITE_ENABLE_WHERETRACE
                -DSQLITE_ENABLE_CURSOR_HINTS 
                -DSQLITE_COUNTOFVIEW_OPTIMIZATION 
                -DSQLITE_ENABLE_STAT4"