LWN has a great article about the history of syscall fuzzing, a practice that apparently dates back to the mid-1990s.
In 2007, Tavis Ormandy and Michał Zalewski started to publicly play around with coverage-based fuzzers. They weren’t the only ones: for example, Jared DeMott gave a talk on this topic at DEFCON 14. This resulted in the publication of AFL in 2013, yielding a phenomenal number of bugs.
Microsoft has apparently been massively fuzzing its Windows operating system since at least Vista, released in 2006.
In March 2016, Linux gained support for KCOV, thanks to Dmitry Vyukov, based on a patch from Quentin Casasnovas. According to the commit message, KCOV had apparently already been used internally at Google for a couple of months.
The coverage is low-ish for now, but the good news is that the number of syscalls and ioctls is steadily increasing!
Fuzzing is great, but without sanitizers, a lot of bugs go unnoticed. Unfortunately, OpenBSD only supports KUBSAN:
|KUBSAN||2019, based on NetBSD’s code||2014||2018||2018|