Here's another obnoxious test case. I started to try to strip it down, but it starts working again if I even delete nonsense lines from a subroutine that is never called. And I'm working on something else and not at all in the mood to re-learn how to debug parrot internals. It turns out that I don't get the crash when running JITted, so I think I'll just do that for now.
So, in case anyone is curious (hi leo!), attached is a 56KB (<9KB gzipped) imc file. It crashes on a memcpy inside compact_pool (triggered by new_hash). b->buflen is obviously corrupted. Using -G to disable garbage collection (does that work?) doesn't seem to help matters at all. Deleting the __setup sub at the end of the file makes the problem go away. (Note that __setup is never actually called, and the body of the routine is irrelevant other than its length.)
dead.imc.gz
Description: GNU Zip compressed data