importgcimportosimportsysdefmain():ifnotsys.is_stack_trampoline_active():try:sys.activate_stack_trampoline("perf")exceptValueError:print("Perf trampoline not supported on this platform")return# Execute functions to create trampolined code objects so# trampoline_refcount > 1 at fork time. Keep references alive.funcs= []ns= {}foriinrange(50):exec(compile(f"def _f{i}(): return{i}",f"<gen-{i}>","exec"),ns)f=ns[f"_f{i}"]f()# Execute to create trampolinefuncs.append(f)pid=os.fork()ifpid==0:# Child: _PyPerfTrampoline_AfterFork_Child has run, leaving two# active code watchers. We need to create NEW code objects that get# trampolines at the NEW extra_code_index, so both watchers see# them and double-decrement trampoline_refcount.ns2= {}foriinrange(50):exec(compile(f"def _g{i}(): return{i}",f"<child-{i}>","exec"),ns2)ns2[f"_g{i}"]()# Execute to create trampoline (increments refcount)# Destroy them — both watchers fire, double-decrement -> SIGSEGVdelns2gc.collect()os._exit(0)else:_,status=os.waitpid(pid,0)ifos.WIFSIGNALED(status):sig=os.WTERMSIG(status)print(f"FAIL: Child killed by signal{sig} (SIGSEGV=11)")sys.exit(1)else:exit_code=os.WEXITSTATUS(status)ifexit_code==0:print("OK: Child exited normally (bug not triggered)")else:print(f"FAIL: Child exited with code{exit_code}")sys.exit(1)if__name__=="__main__":main()

./configure CFLAGS="-g -O0" && make -j $(nproc)

❯ PYTHONPERFSUPPORT=1 gdb --args ./python ~/perf_trampoline_crash.py...(gdb) set follow-fork-mode child(gdb) run...Thread 2.1 "python" received signal SIGSEGV, Segmentation fault.[Switching to process 753038]compile_trampoline () at Python/perf_trampoline.c:411411    size_t total_code_size = round_up(perf_code_arena->code_size + trampoline_api.code_padding, 16);