NFSD: Fix crash in nfsd4_read_release()

fbcon: Set fb_display[i]->mode to NULL when the mode is released

fbdev: bitblit: bound-check glyph index in bit_putcs*

wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode

bpf: Sync pending IRQ work before freeing ring buffer

regmap: slimbus: fix bus_context pointer in regmap init calls

usb: gadget: f_fs: Fix epfile null pointer access after ep enable.

usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget

ntfs3: pretend $Extend records as regular files

jfs: Verify inode mode when loading from disk

accel/habanalabs: support mapping cb with vmalloc-backed coherent memory

amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw

Bluetooth: SCO: Fix UAF on sco_conn_free

Bluetooth: bcsp: receive data only if registered

exfat: validate cluster allocation bits of the allocation bitmap

orangefs: fix xattr related buffer overflow...

9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN

fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds

btrfs: ensure no dirty metadata is written back for an fs with errors

Bluetooth: hci_event: validate skb length for unknown CC opcode