I cant offer a script to reproduce segfault because it not happens everytime.
PHP7 extension use ZVAL_STR to wrap zend_string to zval struct，and later use zval_dtor try to free it.
The method_name parameter is pass from PHP script, and zval_dtor decrement the gc reference count, thus would free the zend_string object but it is still referenced in the script.
I changed ZVAL_STR to ZVAL_STR_COPY, which will add reference count by 1 to the zend_string object , apply this patch in our production environment and segfault never happen again
Another place use ZVAL_STR is here. Both this two place need to be fixed