Fuzzing results for various interpreters.
I gave a talk about this project at WarCon 2017. Slides are available. References section might come in handy.
My current approach is to run honggfuzz with radamsa on an existing template corpus. I usually go for 10M+ iterations (not much but servers cost money, duh).
Initial triage is done with exploitable and crashwalk.
Having all that in mind I doubt that there are any gems here (i.e. not only crashing but also reachable via user input).
Be my guest with regard to further analysis, IBB can't wait.