diff --git a/0006-fix-double-free-on-error-in-read_raid56.patch b/0006-fix-double-free-on-error-in-read_raid56.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ce3b1b197011aa1f5db851ca29467c2a34b18ffa
--- /dev/null
+++ b/0006-fix-double-free-on-error-in-read_raid56.patch
@@ -0,0 +1,42 @@
+From 844caf8639826ed4ddc6dc7b3ba30bd19f9b21d8 Mon Sep 17 00:00:00 2001
+From: David Sterba
+Date: Thu, 4 Apr 2024 00:55:47 +0200
+Subject: [PATCH] btrfs-progs: fix double free on error in read_raid56()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reported by 'gcc -fanalyzer':
+kernel-shared/extent_io.c: In function ‘read_raid56’:
+./include/kerncompat.h:393:18: warning: dereference of NULL ‘pointers’ [CWE-476] [-Wanalyzer-null-dereference]
+
+After allocation of the pointers array fails it's dereferenced in the
+exit block. We can return immediately instead.
+
+Signed-off-by: David Sterba
+
+---
+ kernel-shared/extent_io.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/kernel-shared/extent_io.c b/kernel-shared/extent_io.c
+index ee19430..e62ca63 100644
+--- a/kernel-shared/extent_io.c
++++ b/kernel-shared/extent_io.c
+@@ -339,10 +339,9 @@ static int read_raid56(struct btrfs_fs_info *fs_info, void *buf, u64 logical,
+ ASSERT(len <= BTRFS_STRIPE_LEN);
+ 
+ pointers = calloc(num_stripes, sizeof(void *));
+- if (!pointers) {
+- ret = -ENOMEM;
+- goto out;
+- }
++ if (!pointers)
++ return -ENOMEM;
++
+ /* Allocate memory for the full stripe */
+ for (i = 0; i < num_stripes; i++) {
+ pointers[i] = kmalloc(BTRFS_STRIPE_LEN, GFP_KERNEL);
+--
+2.27.0
+
diff --git a/btrfs-progs.spec b/btrfs-progs.spec
index 4af5de7339d8ad73c7ed8edbf57583b1d6ada17d..529f87c22effe098194446ffb56d2d36d0398512 100644
--- a/btrfs-progs.spec
+++ b/btrfs-progs.spec
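Review bot: The early `return -ENOMEM` added at the `calloc` failure point bypasses the `out:` label entirely, so it is only correct if nothing acquired before that line is released at `out:`; the visible context (the `ASSERT` and the `calloc` itself) shows no earlier allocation, but read_raid56's body starts and ends outside the hunk, so that should be confirmed against the full function. The patch subject describes a double free, whereas the analyzer finding it quotes is CWE-476, a NULL dereference of `pointers` in the exit block, and the body of the message is the accurate description; the spec changelog entry in this commit repeats the subject's wording, so a reader searching for the actual defect class will be misled. The kmalloc loop's failure handling is left unchanged, and the early return must not regress the case where a later `kmalloc` fails and the `out:` path presumably releases the stripes already allocated — that part of the exit block is not visible here.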
@@ -1,6 +1,6 @@
 Name: btrfs-progs
 Version: 6.6.3
-Release: 6
+Release: 7
 Summary: btrfs userspace programs
 License: GPLv2 and GPL+ and LGPL-2.1+ and GPL-3.0+ and LGPL-2.1 and MIT
 URL: https://btrfs.wiki.kernel.org/index.php/Main_Page
@@ -11,6 +11,7 @@
 Patch0002: 0002-subvolume-fix-return-value-when-the-target-exists.patch
 Patch0003: 0003-fix-memory-leak-on-exit-path-in-table-vprintf.patch
 Patch0004: 0004-btrfs-progs-scrub-status-only-report-limits-if-at-le.patch
 Patch0005: 0005-btrfs-progs-fix-freeing-of-device-after-error-in-btr.patch
+Patch0006: 0006-fix-double-free-on-error-in-read_raid56.patch
 BuildRequires: python3-devel >= 3.4
 BuildRequires: libacl-devel, e2fsprogs-devel, libblkid-devel, libuuid-devel, zlib-devel, libzstd-devel, lzo-devel, systemd-devel
@@ -76,6 +77,9 @@ make mandir=%{_mandir} bindir=%{_sbindir} libdir=%{_libdir} incdir=%{_includedir
 %{_mandir}/man8/*.gz
 
 %changelog
+* Mon Jun 24 2024 zhangyaqi - 6.6.3-7
+- fix double free on error in read_raid56()
+
 * Fri Jun 21 2024 liuh - 6.6.3-6
 - backport patch fix null dereference risk