diff --git a/0015-btrfs-progs-convert-fix-the-filename-output-when-rol.patch b/0015-btrfs-progs-convert-fix-the-filename-output-when-rol.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d978d54fcde1329e31792de7be5f9ca7aa583005
--- /dev/null
+++ b/0015-btrfs-progs-convert-fix-the-filename-output-when-rol.patch
@@ -0,0 +1,76 @@
+From a927cb1b0acc814a3a6d383dc32b781ecc567c85 Mon Sep 17 00:00:00 2001
+From: Qu Wenruo
+Date: Mon, 15 Jul 2024 13:56:14 +0930
+Subject: [PATCH] btrfs-progs: convert: fix the filename output when rolling
+ back
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+[BUG]
+When rolling back a converted btrfs, the filename output is corrupted:
+
+ $ btrfs-convert -r ~/test.img
+ btrfs-convert from btrfs-progs v6.9.2
+
+ Open filesystem for rollback:
+ Label:
+ UUID: df54baf3-c91e-4956-96f9-99413a857576
+ Restoring from: ext2_saved0ƨy/image
+ ^^^ Corruption
+ Rollback succeeded
+
+[CAUSE]
+The error is in how we handle the filename. In btrfs all our strings
+are not '\0' terminated, but with explicit length.
+
+But in C, most strings are '\0' terminated, so after reading a filename
+from btrfs, we need to manually terminate the string.
+
+However the code adding the terminating '\0' looks like this:
+
+ /* Get the filename length. */
+ name_len = btrfs_root_ref_name_len(path.nodes[0], root_ref_item);
+
+ /*
+ * This should not happen, but as an extra handling for possible
+ * corrupted btrfs.
+ */
+ if (name_len > sizeof(dir_name))
+ name_len = sizeof(dir_name) - 1;
+ /* Got the real filename into our buffer. */
+ read_extent_buffer(path.nodes[0], dir_name, (unsigned long)(root_ref_item + 1), name_len);
+
+ /* Terminate the string. */
+ dir_name[sizeof(dir_name) - 1] = 0;
+
+The problem is, the final termination is totally wrong, it always make
+the last buffer char '\0', not using the @name_len we read before.
+
+[FIX]
+Use @name_len to terminate the string, as we have already updated it to
+handle buffer overflow, it can handle both the regular and corrupted
+case.
+
+Fixes: dc29a5c51d63 ("btrfs-progs: convert: update default output")
+Signed-off-by: Qu Wenruo
+---
+ convert/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/convert/main.c b/convert/main.c
+index c9e50c0..9e93414 100644
+--- a/convert/main.c
++++ b/convert/main.c
+@@ -1719,7 +1719,7 @@ static int do_rollback(const char *devname)
+ if (name_len > sizeof(dir_name))
+ name_len = sizeof(dir_name) - 1;
+ read_extent_buffer(path.nodes[0], dir_name, (unsigned long)(root_ref_item + 1), name_len);
+- dir_name[sizeof(dir_name) - 1] = 0;
++ dir_name[name_len] = 0;
+
+ printf(" Restoring from: %s/%s\n", dir_name, image_name);
+
+--
+2.43.0
+
diff --git a/0016-btrfs-progs-fix-the-wrong-size-from-device_get_parti.patch b/0016-btrfs-progs-fix-the-wrong-size-from-device_get_parti.patch
new file mode 100644
index 0000000000000000000000000000000000000000..404d24ff2937fa86b6b854afc684bb84a4d0a764
--- /dev/null
+++ b/0016-btrfs-progs-fix-the-wrong-size-from-device_get_parti.patch
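Review bot: In the do_rollback() hunk carried by patch 0015, the clamp just above the changed line tests `name_len > sizeof(dir_name)`, so a root ref whose name_len is exactly sizeof(dir_name) is not clamped and the new `dir_name[name_len] = 0;` stores one byte past the end of the buffer. The old terminator at `sizeof(dir_name) - 1` was always in bounds, so this edge case is newly reachable, presumably only with a corrupted or crafted image, which is the case the clamp exists for. The guard should read `if (name_len >= sizeof(dir_name))`. The declaration of dir_name and the rest of do_rollback() lie outside the hunk, so the buffer size itself could not be checked here.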
@@ -0,0 +1,76 @@
+From bf2e8b1ffc3fa76237ef8269bfd4621aaa20270f Mon Sep 17 00:00:00 2001
+From: Zoltan Racz
+Date: Thu, 31 Jul 2025 15:53:07 +0300
+Subject: [PATCH] btrfs-progs: fix the wrong size from
+ device_get_partition_size_sysfs()
+
+[BUG]
+When an unprivileged user, who can not access the block device, run
+"btrfs dev usage", it's very common to result the following incorrect
+output:
+
+ $ btrfs dev usage /mnt/btrfs/
+ WARNING: cannot read detailed chunk info, per-device usage will not be shown, run as root
+ /dev/mapper/test-scratch1, ID: 1
+ Device size: 20.00MiB <<<
+ Device slack: 16.00EiB <<<
+ Unallocated: N/A
+
+Note if the unprivileged user has read access to the raw block file, it
+will work as expected:
+
+ $ btrfs dev usage /mnt/btrfs/
+ WARNING: cannot read detailed chunk info, per-device usage will not be shown, run as root
+ /dev/mapper/test-scratch1, ID: 1
+ Device size: 10.00GiB
+ Device slack: 0.00B
+ Unallocated: N/A
+
+[CAUSE]
+When device_get_partition_size() is called, firstly the function checks
+if we can do a read-only open() on the block device.
+
+However under most distros, block devices are only accessible by root
+and "disk" group.
+
+If the unprivileged user is not in "disk" group, the open() will fail
+and we have to fallback to device_get_partition_size_sysfs() as the
+fallback.
+
+The function device_get_partition_size_sysfs() will use
+"/sys/block//size" as the size of the disk.
+
+But according to the kernel source code, the "size" attribute is
+implemented by returning bdev_nr_sectors(), and that result is always in
+sector unit (512 bytes).
+
+So if device_get_partition_size_sysfs() returns the value directly, it's
+512 times smaller than the original size, causing errors.
+
+[FIX]
+Just do the proper left shift to return size in bytes.
+
+Issue: #979
+Signed-off-by: Qu Wenruo
+---
+ common/device-utils.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/common/device-utils.c b/common/device-utils.c
+index f86120a..d4c188c 100644
+--- a/common/device-utils.c
++++ b/common/device-utils.c
+@@ -367,7 +367,9 @@ static u64 device_get_partition_size_sysfs(const char *dev)
+ return 0;
+ }
+ close(sysfd);
+- return size;
++
++ /* /size value is in sector (512B) unit. */
++ return size << SECTOR_SHIFT;
+ }
+
+ u64 device_get_partition_size(const char *dev)
+--
+2.43.0
+
diff --git a/0017-btrfs-progs-fix-the-incorrect-buffer-size-for-super-.patch b/0017-btrfs-progs-fix-the-incorrect-buffer-size-for-super-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9e5ed6c4a04a948284ea82d0c2cf75b355c1d8e1
--- /dev/null
+++ b/0017-btrfs-progs-fix-the-incorrect-buffer-size-for-super-.patch
@@ -0,0 +1,44 @@
+From 84aa7cc8309533c96d52c442dd4cfb1ab02bbe18 Mon Sep 17 00:00:00 2001
+From: Qu Wenruo
+Date: Wed, 26 Feb 2025 14:29:15 +1030
+Subject: [PATCH] btrfs-progs: fix the incorrect buffer size for super block
+ structure
+
+Inside the function btrfs_add_to_fsid(), we allocate a buffer to write
+the superblock to disk.
+
+However the buffer size is based on block size, which can cause two
+problems:
+
+- 2K block size
+ The block size is too small for the super block, and we will write
+ beyond the buffer and corrupt the memory.
+
+- 16/64K block size
+ The block size will be larger than super block size, this will not
+ cause any problem but waste some memory.
+
+Fix the bug by using BTRFS_SUPER_INFO_SIZE as the correct buffer size.
+
+Signed-off-by: Qu Wenruo
+Signed-off-by: David Sterba
+---
+ common/device-scan.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/common/device-scan.c b/common/device-scan.c
+index 630220a..a0317c4 100644
+--- a/common/device-scan.c
++++ b/common/device-scan.c
+@@ -147,7 +147,7 @@ int btrfs_add_to_fsid(struct btrfs_trans_handle *trans,
+ if (!device)
+ return -ENOMEM;
+
+- buf = calloc(1, sectorsize);
++ buf = calloc(1, BTRFS_SUPER_INFO_SIZE);
+ if (!buf) {
+ ret = -ENOMEM;
+ goto out;
+--
+2.43.0
+
diff --git a/btrfs-progs.spec b/btrfs-progs.spec
index d7a7c1e26bcff1ed49a7b87f6d62f4a07d0e4a69..e905349bdb42a8f205abab28723fadef2864fe57 100644
--- a/btrfs-progs.spec
+++ b/btrfs-progs.spec
@@ -1,6 +1,6 @@
 Name: btrfs-progs
 Version: 6.6.3
-Release: 15
+Release: 18
 Summary: btrfs userspace programs
 License: GPLv2 and GPL+ and LGPL-2.1+ and GPL-3.0+ and LGPL-2.1 and MIT
 URL: https://btrfs.wiki.kernel.org/index.php/Main_Page
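Review bot: In the common/device-scan.c hunk carried by patch 0017, only the allocation of `buf` changes; btrfs_add_to_fsid() continues outside the hunk, so the statements that fill and write `buf` are not visible here. If any of them still passes `sectorsize` as the length, a 16K or 64K block size would now run past the smaller BTRFS_SUPER_INFO_SIZE allocation, the mirror image of the 2K overflow this patch fixes. It is worth confirming that every length applied to `buf` uses the same constant, and recording that next to the allocation: `/* buf holds exactly one super block; size every access with BTRFS_SUPER_INFO_SIZE, not sectorsize */`.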
@@ -20,6 +20,9 @@ Patch0011: 0011-btrfs-progs-convert-for-ext2-fix-possible-tree-check.patch Patch0012: 0012-btrfs-progs-convert-insert-a-dummy-inode-item-before.patch Patch0013: 0013-btrfs-progs-corrupt-block-fix-memory-leak-in-debug_c.patch Patch0014: 0014-btrfs-progs-image-fix-the-bug-that-filename-sanitiza.patch +Patch0015: 0015-btrfs-progs-convert-fix-the-filename-output-when-rol.patch +Patch0016: 0016-btrfs-progs-fix-the-wrong-size-from-device_get_parti.patch +Patch0017: 0017-btrfs-progs-fix-the-incorrect-buffer-size-for-super-.patch BuildRequires: python3-devel >= 3.4 BuildRequires: libacl-devel, e2fsprogs-devel, libblkid-devel, libuuid-devel, zlib-devel, libzstd-devel, lzo-devel, systemd-devel @@ -85,6 +88,9 @@ make mandir=%{_mandir} bindir=%{_sbindir} libdir=%{_libdir} incdir=%{_includedir %{_mandir}/man8/*.gz %changelog +* Wed Oct 22 2025 wangmian - 6.6.3-18 +- sync the patch from 24.03-LTS-SP1 + * Tue Sep 30 2025 liuh - 6.6.3-15 - btrfs-progs: image: fix the bug that filename sanitization not working