diff --git a/0005-fix-double-free-on-error-in-read_raid56.patch b/0005-fix-double-free-on-error-in-read_raid56.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c24ac286bdee117afd77a326996f6be648605869
--- /dev/null
+++ b/0005-fix-double-free-on-error-in-read_raid56.patch
@@ -0,0 +1,41 @@
+From 844caf8639826ed4ddc6dc7b3ba30bd19f9b21d8 Mon Sep 17 00:00:00 2001
+From: David Sterba
+Date: Thu, 4 Apr 2024 00:55:47 +0200
+Subject: [PATCH] btrfs-progs: fix double free on error in read_raid56()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reported by 'gcc -fanalyzer':
+kernel-shared/extent_io.c: In function ‘read_raid56’:
+./include/kerncompat.h:393:18: warning: dereference of NULL ‘pointers’ [CWE-476] [-Wanalyzer-null-dereference]
+
+After allocation of the pointers array fails it's dereferenced in the
+exit block. We can return immediately instead.
+
+Signed-off-by: David Sterba
+---
+ kernel-shared/extent_io.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/kernel-shared/extent_io.c b/kernel-shared/extent_io.c
+index ee19430..e62ca63 100644
+--- a/kernel-shared/extent_io.c
++++ b/kernel-shared/extent_io.c
+@@ -339,10 +339,9 @@ static int read_raid56(struct btrfs_fs_info *fs_info, void *buf, u64 logical,
+ ASSERT(len <= BTRFS_STRIPE_LEN);
+
+ pointers = calloc(num_stripes, sizeof(void *));
+- if (!pointers) {
+- ret = -ENOMEM;
+- goto out;
+- }
++ if (!pointers)
++ return -ENOMEM;
++ /* Allocate memory for the full stripe */
+ for (i = 0; i < num_stripes; i++) {
+ pointers[i] = kmalloc(BTRFS_STRIPE_LEN, GFP_KERNEL);
+--
+2.27.0
+
diff --git a/btrfs-progs.spec b/btrfs-progs.spec
index 97f6542c5da4d184e7a7c8f12f43f28d89eeceb8..1ab163839f7e59e549fb7eaf5c91af9661d56d79 100644
--- a/btrfs-progs.spec
+++ b/btrfs-progs.spec
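Review bot: The early `return -ENOMEM;` that replaces `goto out` after the `calloc()` is only safe if nothing acquired earlier in read_raid56() is released at the `out:` label; the hunk shows only the `ASSERT` above the allocation, and both the start of the function and the `out:` block are outside the hunk, so this should be confirmed against the full function before the backport is accepted. The analyzer finding quoted in the message is a NULL dereference of `pointers` in the cleanup loop (CWE-476), not a double free, so the subject `fix double free on error in read_raid56()` and the matching patch file name and changelog entry misdescribe the bug; I'd note that in the spec changelog, e.g. `- fix NULL dereference of pointers on calloc failure in read_raid56()`. The `kmalloc()` failure path inside the following loop is unaffected: with `pointers` now guaranteed non-NULL at that point, the existing `goto out` cleanup can iterate the zero-initialised array safely. read_raid56's body continues outside the hunk.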
@@ -1,6 +1,6 @@ Name: btrfs-progs Version: 6.6.3 -Release: 5 +Release: 6 Summary: btrfs userspace programs License: GPLv2 and GPL+ and LGPL-2.1+ and GPL-3.0+ and LGPL-2.1 and MIT URL: https://btrfs.wiki.kernel.org/index.php/Main_Page @@ -10,6 +10,7 @@ Patch0001: 0001-fix-exclusive-op-enqueue-timeout.patch Patch0002: 0002-subvolume-fix-return-value-when-the-target-exists.patch Patch0003: 0003-fix-memory-leak-on-exit-path-in-table-vprintf.patch Patch0004: 0004-btrfs-progs-scrub-status-only-report-limits-if-at-le.patch +Patch0005: 0005-fix-double-free-on-error-in-read_raid56.patch BuildRequires: python3-devel >= 3.4 BuildRequires: libacl-devel, e2fsprogs-devel, libblkid-devel, libuuid-devel, zlib-devel, libzstd-devel, lzo-devel, systemd-devel @@ -75,6 +76,9 @@ make mandir=%{_mandir} bindir=%{_sbindir} libdir=%{_libdir} incdir=%{_includedir %{_mandir}/man8/*.gz %changelog +* Fri Jun 14 2024 zhangyaqi - 6.6.3-6 +- fix double free on error in read_raid56() + * Thu Jun 6 2024 liuh - 6.6.3-5 - backport patch from community