Beyond Crash-to-Patch: Patch Evolution for Linux Kernel Repair

Abstract

Linux kernel bug repair is typically approached as a direct mapping from crash reports to code patches. In practice, however, kernel fixes undergo iterative revision on mailing lists before acceptance, with reviewer feedback shaping correctness, concurrency handling, and API compliance. This iterative refinement process encodes valuable repair knowledge that existing automated approaches overlook. We present a large-scale study of kernel patch evolution, reconstructing 6946 syzbot-linked bug-fix lifecycles that connect crash reports, reproducers, mailing-list discussions, revision histories, and merged fixes. Our analysis confirms that accepted repairs are frequently non-local and governed by reviewer-enforced constraints not present in bug reports. Building on these insights, we develop PatchAdvisor, a repair framework that integrates retrieval-based memory with a fine-tuned diagnostic advisor to guide a coding agent toward reviewer-aligned patches. Evaluation on temporally held-out syzbot cases demonstrates that leveraging patch-evolution history yields measurable gains in both reviewer-aligned refinement signals and end-to-end repair quality compared to unguided and retrieval-only baselines.