Reproduced this issue on master with your queries. I looked into this issue and I agree with your analysis. I think this is exactly what happened.
I also agree that we should materialize the newslot before we fetch trigtuple from the oldslot which would materialize the oldslot and release all buffer pins. But I'm not too familiar with the arounding codes so need someone else to have a look.
I have a second look at this issue and now I think the fix in v1 patch is correct. I think the comment needs to be updated for this change, maybe something like
* (Typically, newslot was also generated by ExecGetUpdateNewTuple, so * that epqslot_clean will be that same slot and the copy step below - * is not needed.) + * is not needed. And we need to materialize newslot in this case, + * since its tuple might be dependent on oldslot's storage, which + * might not be a local copy and be freed before we fetch newslot's + * tuple.)
