[BUG]: segfault at exit since upgrading to 3.0.x, probably due to "Make wrapped C++ functions pickleable" (https://github.com/pybind/pybind11/pull/5580)

[HMRWork42]

Required prerequisites

• Make sure you've read the documentation. Your issue may be addressed there.
• Search the issue tracker and Discussions to verify that this hasn't already been reported. +1 or comment there if it has.
• Consider asking first in the Gitter chat room or in a Discussion.

What version (or hash if on master) of pybind11 are you using?

3.0.2

Problem description

I am one of the co-maintainers of skia-python . We have had segfaults at end of CI pytest since 3.0. c1 if built against pybind11 3.x. I I have finally got round to do a debug build and seems to get python's finalizer involving pybind11 code here in this valgrind trace:

==2980== Invalid free() / delete / delete[] / realloc()
==2980==    at 0x4847E43: free (vg_replace_malloc.c:990)
==2980==    by 0x5A0E488: pybind11::cpp_function::destruct(pybind11::detail::function_record*, bool) (pybind11.h:824)
==2980==    by 0x5A0E375: pybind11::detail::function_record_PyTypeObject_methods::tp_dealloc_impl(_object*) (pybind11.h:1325)
==2980==    by 0x49AD620: _Py_Dealloc (object.c:3072)
==2980==    by 0x49C82BC: Py_DECREF (refcount.h:421)
==2980==    by 0x49C82BC: Py_XDECREF (refcount.h:514)
==2980==    by 0x49C82BC: Py_XDECREF (refcount.h:511)
==2980==    by 0x49C82BC: meth_dealloc.lto_priv.0 (methodobject.c:179)
==2980==    by 0x49AD620: _Py_Dealloc (object.c:3072)
==2980==    by 0x4ACB77A: property_dealloc.lto_priv.0 (descrobject.c:1638)
==2980==    by 0x49C1631: _Py_Dealloc (object.c:3072)
==2980==    by 0x49C1631: Py_DECREF (refcount.h:421)
==2980==    by 0x49C1631: Py_XDECREF (refcount.h:514)
==2980==    by 0x49C1631: dictkeys_decref.part.0.constprop.0 (dictobject.c:463)
==2980==    by 0x4A7A739: PyDict_Clear (dictobject.c:2932)
==2980==    by 0x4A7A739: type_clear.lto_priv.0 (typeobject.c:6620)
==2980==    by 0x4A79F56: delete_garbage (gc.c:1141)
==2980==    by 0x4A79F56: gc_collect_region.lto_priv.0 (gc.c:1761)
==2980==    by 0x4AC84C1: gc_collect_full (gc.c:1681)
==2980==    by 0x4AC84C1: _PyGC_Collect (gc.c:2045)
==2980==    by 0x4AEAD2A: _Py_Finalize.constprop.0 (pylifecycle.c:2144)
==2980==  Address 0x6d55c3e is in a r-- mapped file /home/HMRWork42/.local/lib/python3.14/site-packages/skia.cpython-314-x86_64-linux-gnu.so segment

The code around pybind11.h:1325 in 3.0.2 was introduced in "Make wrapped C++ functions pickleable" (#5580) in 3.0 rc1, which seems to match the time frame.

Would like some suggestions to look further.

downstream issue kyamagu/skia-python#350

Reproducible example code

Unfortunately skia-python is extremely large and interconnected. I seems to have isolated the segfault at anything, exit (a simple one-line "import skia; .... " segfaults) to src/skia/GrContext* (which is still a thousand lines).

Is this a regression? Put the last known working version here if it is.

2.13.6