This happens in 10.5 but not in 10.4:

mtr --valgrind main.derived

==8524== Thread 9:
==8524== Invalid read of size 8
==8524== at 0x8662A1: st_select_lex::collect_grouping_fields(THD*) (sql_lex.cc:79
01)
==8524== by 0x86CC97: st_select_lex::pushdown_from_having_into_where(THD*, Item*)
(sql_lex.cc:10194)
==8524== by 0x8CFE7D: JOIN::optimize_inner() (sql_select.cc:1968)
==8524== by 0x8CE7A7: JOIN::optimize() (sql_select.cc:1563)
==8524== by 0x8D9577: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&,
Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, sel
ect_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:4591)
==8524== by 0x8C9D3D: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:413)
==8524== by 0x894955: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6319)
==8524== by 0x88AA59: mysql_execute_command(THD*) (sql_parse.cc:3882)
==8524== by 0x8984BD: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7868)
==8524== by 0x884DFC: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1826)
==8524== by 0x88363B: do_command(THD*) (sql_parse.cc:1359)
==8524== by 0xA0C926: do_handle_one_connection(CONNECT*, bool) (sql_connect.cc:1413)
==8524== by 0xA0C66F: handle_one_connection (sql_connect.cc:1309)
==8524== by 0xE3A72E: pfs_spawn_thread (pfs.cc:1862)
==8524== by 0x4E42568: start_thread (in /lib64/libpthread-2.26.so)
==8524== by 0x6ECBA2E: clone (in /lib64/libc-2.26.so)
==8524== Address 0xe68e9c0 is 16 bytes after a block of size 304 in arena "client"