Fuzz testing (by alaric)
Speaking of unearthing bugs, I'm surprised I've not found any mention of anyone fuzz testing NetBSD syscalls. There's a crashme tool which, despite the one-line summary doesn't actually call syscalls explicitly (although it may stumble across them at random) - it just executes arbitrary sequences of random numbers as code, in order to make sure all the CPU trap handlers work correctly...
So I may throw together a tool to do that for syscalls. Needless to say, it ought to be run as an isolated user (so it can only trash its own files), maybe in a chroot, and ideally on a machine without network access (for it could, in theory, open a network socket and do something unneighbourly :-).
This would be a good test of the higher-level inter-process isolation facilities in the OS kernel - namely, it'd help to find security holes such as local denial of service attacks against the kernel!
Also, another fun idea might be a fuzz tester for Xen hypercalls...