diff --git a/backport-fence_ibm_vpc-refresh-bearer-token-in-connect-if-tok.patch b/backport-fence_ibm_vpc-refresh-bearer-token-in-connect-if-tok.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c0dd9a7ddc0aa7afb8a74fdaa95096b10cbb10bf
--- /dev/null
+++ b/backport-fence_ibm_vpc-refresh-bearer-token-in-connect-if-tok.patch
@@ -0,0 +1,41 @@
+From 293b3961149f680ead9028e6719c405957abc6b7 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Thu, 13 Mar 2025 16:40:30 +0100
+Subject: [PATCH] fence_ibm_vpc: refresh bearer-token in connect() if token
+ data is corrupt, and avoid edge-case of writing empty token file
+
+---
+ agents/ibm_vpc/fence_ibm_vpc.py | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/agents/ibm_vpc/fence_ibm_vpc.py b/agents/ibm_vpc/fence_ibm_vpc.py
+index 035a3235..efda5eed 100755
+--- a/agents/ibm_vpc/fence_ibm_vpc.py
++++ b/agents/ibm_vpc/fence_ibm_vpc.py
+@@ -105,6 +105,8 @@ def get_bearer_token(conn, options):
+ 			except Exception as e:
+ 				logging.error("Failed: Unable to authenticate: {}".format(e))
+ 				fail(EC_LOGIN_DENIED)
++			if len(token) < 1:
++				fail(EC_LOGIN_DENIED)
+ 			file_obj.write(token)
+ 	finally:
+ 		os.umask(oldumask)
+@@ -152,6 +154,14 @@ def connect(opt):
+ 	# set auth token for later requests
+ 	conn = set_bearer_token(conn, bearer_token)
+ 
++	try:
++		command = "instances?version=2021-05-25&generation=2&limit=1"
++		res = send_command(conn, opt, command)
++	except Exception as e:
++		logging.warning("Failed to login/connect. Updating bearer-token.")
++		bearer_token = get_bearer_token(conn, opt)
++		conn = set_bearer_token(conn, bearer_token)
++
+ 	return conn
+ 
+ def disconnect(conn):
+-- 
+2.25.1
+
diff --git a/backport-fence_sbd-Add-crashdump-option.patch b/backport-fence_sbd-Add-crashdump-option.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6659a27677a2e3554c6cfdbb64893ce7625bf65d
--- /dev/null
+++ b/backport-fence_sbd-Add-crashdump-option.patch
@@ -0,0 +1,88 @@
+From c55bf9761949834c33755a70474f5716c01c43d0 Mon Sep 17 00:00:00 2001
+From: xin liang <xliang@suse.com>
+Date: Mon, 24 Mar 2025 18:01:00 +0800
+Subject: [PATCH] fence_sbd: Add crashdump option
+
+The parameter tells fence agent to message a "crashdump"
+poison pill rather than "reset/off" through sbd device.
+---
+ agents/sbd/fence_sbd.py           | 24 +++++++++++++++++++++---
+ tests/data/metadata/fence_sbd.xml |  5 +++++
+ 2 files changed, 26 insertions(+), 3 deletions(-)
+
+diff --git a/agents/sbd/fence_sbd.py b/agents/sbd/fence_sbd.py
+index bebc7fae..e27bf863 100644
+--- a/agents/sbd/fence_sbd.py
++++ b/agents/sbd/fence_sbd.py
+@@ -192,6 +192,7 @@ def set_power_status(conn, options):
+ 
+     target_status = options["--action"]
+     plug = options["--plug"]
++    enable_crashdump = "--crashdump" in options
+     return_code = 99
+     out = ""
+     err = ""
+@@ -200,9 +201,11 @@ def set_power_status(conn, options):
+     if "on" == target_status:
+         (return_code, out, err) = send_sbd_message(conn, options, plug, "clear")
+     elif "off" == target_status:
+-        (return_code, out, err) = send_sbd_message(conn, options, plug, "off")
++        msg = "crashdump" if enable_crashdump else "off"
++        (return_code, out, err) = send_sbd_message(conn, options, plug, msg)
+     elif "reboot" == target_status:
+-        (return_code, out, err) = send_sbd_message(conn, options, plug, "reset")
++        msg = "crashdump" if enable_crashdump else "reset"
++        (return_code, out, err) = send_sbd_message(conn, options, plug, msg)
+ 
+     if 0 != return_code:
+         logging.error("sending message to sbd device(s) \
+@@ -357,6 +360,21 @@ Comma separated list of sbd devices",
+         "order": 200
+         }
+ 
++    all_opt["crashdump"] = {
++        "getopt" : "",
++        "longopt" : "crashdump",
++        "help" : "--crashdump                    Enable crashdump, default is disabled",
++        "required" : "0",
++        "shortdesc" : "Crashdump instead of regular fence",
++        "longdesc" : "If SBD is given a fence command, this option will perform a \
++kernel crash instead of a reboot or power-off, which on a properly configured \
++system can lead to a crashdump for analysis. \
++\nWARNING:\n \
++This is unsafe for production environments. Please use with caution \
++and for debugging purposes only.",
++        "order": 201
++        }
++
+ 
+ def sbd_daemon_is_running():
+     """Check if the sbd daemon is running
+@@ -390,7 +408,7 @@ def main():
+     """
+     # We need to define "no_password" otherwise we will be ask about it if
+     # we don't provide any password.
+-    device_opt = ["no_password", "devices", "port", "method", "sbd_path"]
++    device_opt = ["no_password", "devices", "port", "method", "sbd_path", "crashdump"]
+ 
+     # close stdout if we get interrupted
+     atexit.register(atexit_handler)
+diff --git a/tests/data/metadata/fence_sbd.xml b/tests/data/metadata/fence_sbd.xml
+index c2daf0c5..ae6cfa6e 100644
+--- a/tests/data/metadata/fence_sbd.xml
++++ b/tests/data/metadata/fence_sbd.xml
+@@ -114,6 +114,11 @@
+ 		<content type="second" default="1"  />
+ 		<shortdesc lang="en">Sleep X seconds between status calls during a STONITH action</shortdesc>
+ 	</parameter>
++	<parameter name="crashdump" unique="0" required="0">
++		<getopt mixed="--crashdump" />
++		<content type="boolean"  />
++		<shortdesc lang="en">Crashdump instead of regular fence</shortdesc>
++	</parameter>
+ 	<parameter name="retry_on" unique="0" required="0">
+ 		<getopt mixed="--retry-on=[attempts]" />
+ 		<content type="integer" default="1"  />
+-- 
+2.25.1
+
diff --git a/fence-agents.spec b/fence-agents.spec
index d54a31cc1723fc697e2f55edccc776c4a0b2f705..4a7f6680f8f6f9e7690d280f0aec776ebab6f39f 100644
--- a/fence-agents.spec
+++ b/fence-agents.spec
@@ -6,7 +6,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.16.0
-Release: 4
+Release: 5
 License: GPL-2.0-or-later and LGPL-2.0-or-later
 Group: System Environment/Base
 URL: https://github.com/ClusterLabs/fence-agents
@@ -19,6 +19,8 @@ Patch4: backport-fence_azure_arm-use-azure-identity-instead-of-msrest.patch
 Patch5: backport-azure_fence.py-fix-managed-identity-authentication-6.patch
 Patch6: backport-fence_nutanix_ahv-Handle-API-rate-limits-604.patch
 Patch7: backport-fence_compute-fence_evacuate-dont-use-deprecated-ins.patch
+Patch8: backport-fence_ibm_vpc-refresh-bearer-token-in-connect-if-tok.patch
+Patch9: backport-fence_sbd-Add-crashdump-option.patch
 # skipped: pve, raritan, rcd-serial, virsh
 %global allfenceagents %(cat <<EOF
 fence-agents-alom \\
@@ -1184,6 +1186,10 @@ are located on corosync cluster nodes.
 %{_libdir}/fence-virt/cpg.so
 
 %changelog
+* Tue Nov 04 2025 bizhiyuan <bizhiyuan@kylinos.cn> - 4.16.0-5
+- fence_ibm_vpc: refresh bearer-token in connect() if tokendata is corrupt, and avoid edge-case of writing empty token file
+- fence_sbd: Add crashdump option
+
 * Wed Oct 22 2025 bizhiyuan <bizhiyuan@kylinos.cn> - 4.16.0-4
 - azure_fence.py: fix managed identity authentication
 - fence_nutanix_ahv: Handle API rate limits