Does PHP work for you with/without mod_dav enabled?

Yes, php works with or withouth mod_dav.
To make a backtrace I will need PHP configured with --enable-debug.
The problem described above is absolutely similar on two servers on which I recently upgraded PHP from php-5.1.0b3 to 5.1.0RC1.

Thread 1 (process 22993):
#0  0xb7bb3510 in _zend_hash_index_update_or_next_insert (ht=0xb7e67af8, h=0,
    pData=0xbfffda30, nDataSize=12, pDest=0x0, flag=1)
    at /tmp/php-5.1.0RC1/Zend/zend_hash.c:354
        nIndex = 0
        p = (Bucket *) 0x0
#1  0xb7bb4d2d in zend_list_insert (ptr=0x0, type=0)
    at /tmp/php-5.1.0RC1/Zend/zend_list.c:47
        index = 0
        le = {ptr = 0x846ef8c, type = 2, refcount = 1}
#2  0xb7bb4e09 in zend_register_resource (rsrc_result=0x0, 
rsrc_pointer=0x846ef8c,
    rsrc_type=2) at /tmp/php-5.1.0RC1/Zend/zend_list.c:99
        rsrc_id = 0
#3  0xb7b8a698 in _php_stream_alloc (ops=0x0, abstract=0x0, persistent_id=0x0,
    mode=0xb7cece68 "rb") at /tmp/php-5.1.0RC1/main/streams/streams.c:263
        le = {ptr = 0x11, type = 0, refcount = -1073751384}
        ret = (php_stream *) 0x846ef8c
#4  0xb7b8e3e7 in _php_stream_fopen_from_fd (fd=0, mode=0xb7cece68 "rb", 
persistent_id=0x0)
    at /tmp/php-5.1.0RC1/main/streams/plain_wrapper.c:204
        self = (php_stdio_stream_data *) 0x845ee14
        stream = (php_stream *) 0x0
#5  0xb7b8ede4 in _php_stream_fopen 
(filename=0x846c090 "/www/_error/404/index.php",
    mode=0xb7cece68 "rb", opened_path=0xbfffeeb8, options=133)
    at /tmp/php-5.1.0RC1/main/streams/plain_wrapper.c:881
        realpath = 0x83587e4 "/www/_error/404/index.php"
        open_flags = 0
        fd = 17
        ret = (php_stream *) 0x846c090
        persistent = 17
        persistent_id = 0x0
#6  0xb7b8f525 in _php_stream_fopen_with_path (

    filename=0x846c090 "/www/_error/404/index.php", mode=0xb7cece68 "rb",
    path=0x8385f60 ".:/www/_php/pear", opened_path=0xbfffeeb8, options=133)
    at /tmp/php-5.1.0RC1/main/streams/plain_wrapper.c:1275
        pathbuf = 0x10 <Address 0x10 out of bounds>
        ptr = 0x85 <Address 0x85 out of bounds>
        end = 0x846c090 "/www/_error/404/index.php"
        exec_fname = 0x2 <Address 0x2 out of bounds>
        trypath = "eregi\000??\002\000\000\000\020\000\000\000ereg_replace\000
\000\000\000ereg\000???\002\000\000\000\020\000\000\000is_callable\000\020\000
\000\000is_scalar\000\000\000\020\000\000\000is_object\000\000\000\020\000\000
\000is_array\000\000\000\000\020\000\000\000is_string\000\000\000\020\000\000
\000is_numeric\000\000\020\000\000\000is_real\000\002\000\000\000\020\000\000
\000is_double\000\000\000\020\000\000\000is_integer\000\000\020\000\000
\000is_int\000?"...
        sb = {st_dev = 13835039827440987236, __pad1 = 2, st_ino = 16, st_mode 
= 1600942451,
  st_nlink = 1667720562, st_uid = 6648673, st_gid = 16, st_rdev = 
13835039365436895082,
  __pad2 = 2, st_size = 16, st_blksize = 1768714355, st_blocks = -1090492044, 
st_atim = {
    tv_sec = 2, tv_nsec = 16}, st_mtim = {tv_sec = 1768714355, tv_nsec = -
1073807244},
  st_ctim = {tv_sec = 2, tv_nsec = 16}, __unused4 = 1734701669, __unused5 = 
1701994345}
        stream = (php_stream *) 0x8d
        path_length = 138854544
        exec_fname_length = 141
#7  0xb7b8c572 in _php_stream_open_wrapper_ex 
(path=0x846c090 "/www/_error/404/index.php",
    mode=0xb7cece68 "rb", options=141, opened_path=0x85, context=0x0)
    at /tmp/php-5.1.0RC1/main/streams/streams.c:1771
        stream = (php_stream *) 0x0
        wrapper = (php_stream_wrapper *) 0xb7e36028
        path_to_open = 0x846c090 "/www/_error/404/index.php"
        persistent = 0
        copy_of_path = 0x0
#8  0xb7b7cf34 in php_stream_open_for_zend 
(filename=0x846c090 "/www/_error/404/index.php",
    handle=0xbfffeeb0) at /tmp/php-5.1.0RC1/main/main.c:852
        stream = (php_stream *) 0x0
#9  0xb7bba32b in zend_stream_open 
(filename=0x846c090 "/www/_error/404/index.php",
    handle=0xbfffeeb0) at /tmp/php-5.1.0RC1/Zend/zend_stream.c:47
No locals.
#10 0xb7bba3ec in zend_stream_fixup (file_handle=0xbfffeeb0)
    at /tmp/php-5.1.0RC1/Zend/zend_stream.c:62
No locals.
#11 0xb7b96c88 in open_file_for_scanning (file_handle=0xbfffeeb0)
    at Zend/zend_language_scanner.c:3068
        file_path = 0x0
#12 0xb7b96d70 in compile_file (file_handle=0xbfffeeb0, type=2)
    at Zend/zend_language_scanner.c:3154
        original_lex_state = {buffer_state = 0x0, state = 0, in = 0x0, lineno 
= 0,
  filename = 0x0}
        op_array = (zend_op_array *) 0x845ebf4
        original_active_op_array = (zend_op_array *) 0x0
        retval = (zend_op_array *) 0xbfffedec
        compiler_result = -1073746256
        compilation_successful = 176 '?'
        retval_znode = {op_type = 1, u = {constant = {value = {lval = 1,
        dval = 1.4950491347092096e+93, str = {val = 0x1 <Address 0x1 out of 
bounds>,
          len = 1397157752}, ht = 0x1, obj = {handle = 1, handlers = 
0x5346ef78}},
      refcount = 1, type = 1 '\001', is_ref = 0 '\0'}, var = 1, opline_num = 1,
    op_array = 0x1, jmp_addr = 0x1, EA = {var = 1, type = 1397157752}}}
        original_in_compilation = 0 '\0'
#13 0xb7bae117 in zend_execute_scripts (type=2, retval=0x0, file_count=1)
    at /tmp/php-5.1.0RC1/Zend/zend.c:1070
        files = 0xbfffedf0 ""
        i = 0
        file_handle = (zend_file_handle *) 0xbfffeeb0
        orig_op_array = (zend_op_array *) 0x0
        local_retval = (zval *) 0x0
#14 0xb7c0c638 in php_handler (r=0x8468440)

    at /tmp/php-5.1.0RC1/sapi/apache2handler/sapi_apache2.c:564
        zfd = {type = 0 '\0', filename = 0x846c090 "/www/_error/404/index.php",
  opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, 
reader = 0,
      closer = 0, fteller = 0, interactive = 0}}, free_filename = 0 '\0'}
        orig_bailout = {{__jmpbuf = {0, 0, 0, 0, 0, 0}, __mask_was_saved = 0, 
__saved_mask = {
      __val = {0 <repeats 32 times>}}}}
        ctx = (php_struct *) 0x8468388
        conf = (void *) 0x8245268
        brigade = (apr_bucket_brigade *) 0x0
        bucket = (apr_bucket *) 0x0
        rv = 0
        parent_req = (request_rec *) 0x8468440
#15 0x080d5206 in ap_run_handler (r=0x8468440) at config.c:152
        pHook = (ap_LINK_handler_t *) 0x0
        n = 12
        rv = 0
#16 0x080d571a in ap_invoke_handler (r=0x8468440) at config.c:364
        new_handler = 0x1 <Address 0x1 out of bounds>
        p2 = 0x0
        handler = 0x0
        result = 138839104
        old_handler = 0x8245250 "application/x-httpd-php"
#17 0x080afe59 in ap_internal_redirect (new_uri=0x82482f8 "/error/404/?e", 
r=0x8462fa0)
    at http_request.c:465
        new = (request_rec *) 0x8468440
        access_status = 0
#18 0x080af906 in ap_process_request (r=0x8462fa0) at http_request.c:262
        access_status = 1
#19 0x080aba01 in ap_process_http_connection (c=0x845cd08) at http_core.c:251
        r = (request_rec *) 0x8462fa0
        csd_set = 0
        csd = (apr_socket_t *) 0x0
#20 0x080de5a6 in ap_run_process_connection (c=0x845cd08) at connection.c:43
        pHook = (ap_LINK_process_connection_t *) 0x0
        n = 1
        rv = 0
#21 0x080d3da3 in child_main (child_num_arg=0) at prefork.c:610
        ptrans = (apr_pool_t *) 0x845cbf8
        allocator = (apr_allocator_t *) 0x845ab68
        current_conn = (conn_rec *) 0x845cd08
        status = 138792200
        i = 1
        lr = (ap_listen_rec *) 0x845aca8
        curr_pollfd = 1
        last_pollfd = 1
        pollset = (apr_pollfd_t *) 0x845aca8
        offset = 0
        csd = (void *) 0x845cc30
        sbh = (ap_sb_handle_t *) 0x845ac78
        rv = 0
        bucket_alloc = (apr_bucket_alloc_t *) 0x8460f60
#22 0x080d3ebc in make_child (s=0x81be458, slot=1) at prefork.c:704
        pid = 0
#23 0x080d3fa3 in startup_children (number_to_start=4) at prefork.c:722
        i = 1
#24 0x080d469d in ap_mpm_run (_pconf=0x81b90a8, plog=0x82031d0, s=0x5) at 
prefork.c:941
        index = 0
        remaining_children_to_start = 5
        rv = 0
#25 0x080d9606 in main (argc=4, argv=0xbffff274) at main.c:618
        exit_status = 0
        c = 68 'D'
        configtestonly = 0
        confname = 0x817a0e0 "conf/httpd.conf"
        def_server_root = 0x817ad38 "/usr/local/apache2"
        temp_error_log = 0x0
        process = (process_rec *) 0x81b7120
        server_conf = (server_rec *) 0x81be458
        pglobal = (apr_pool_t *) 0x81b70a0
        pconf = (apr_pool_t *) 0x81b90a8
        plog = (apr_pool_t *) 0x82031d0
        ptemp = (apr_pool_t *) 0x82011c8
        pcommands = (apr_pool_t *) 0x81bb0b0
        opt = (apr_getopt_t *) 0x81bb148
        rv = 0
        mod = (module **) 0x81be458
        optarg = 0xbffffad9 "SSL"
        signal_server = (apr_OFN_ap_signal_server_t *) 0x1

I just posted the core dump for the process that ended with a Segmentation fault after trying to PUT a file in a Webdav folder.

Also, I just found out that there are many other processes ending with a Segmentation fault, all of them happening when the server looking for a file which is not found is trying to access a 404 custom file made in PHP. if I change the 404 to a simple HTML everything is back to normal. 
Therefore, it seems that the PHP (5.1.0RC1) is responsible for this fault. It used to work with the previous version (5.1.0b3).

BTW, it is not the Custom 404 page php script that is causing an error, even if I put an empty file there and name it index.php I still get the Segmentation fault.

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

I already did, I've been told by the Apache developers that the 404 handling in PHP/apache2handler was broken recently. And yes, it works fine now (I wonder what other bugs are in this snapshot of 5.1.0RC2 I just installed). Thank you.