diff --git a/Fix-BUG-in-calc_seckey.patch b/Fix-BUG-in-calc_seckey.patch
new file mode 100644
index 0000000..e5b6679
--- /dev/null
+++ b/Fix-BUG-in-calc_seckey.patch
@@ -0,0 +1,58 @@
+From patchwork Mon Oct 17 20:40:22 2016
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: Fix BUG() in calc_seckey()
+From: Sachin Prabhu <sprabhu@redhat.com>
+X-Patchwork-Id: 9380527
+Message-Id: <1476736822-30098-1-git-send-email-sprabhu@redhat.com>
+To: linux-cifs <linux-cifs@vger.kernel.org>
+Date: Mon, 17 Oct 2016 16:40:22 -0400
+
+Andy Lutromirski's new virtually mapped kernel stack allocations moves
+kernel stacks the vmalloc area. This triggers the bug
+ kernel BUG at ./include/linux/scatterlist.h:140!
+at calc_seckey()->sg_init()
+
+Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
+Reviewed-by: Jeff Layton <jlayton@redhat.com>
+---
+ fs/cifs/cifsencrypt.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
+index 8347c90..5eb0412 100644
+--- a/fs/cifs/cifsencrypt.c
++++ b/fs/cifs/cifsencrypt.c
+@@ -808,7 +808,11 @@ calc_seckey(struct cifs_ses *ses)
+ 	struct crypto_skcipher *tfm_arc4;
+ 	struct scatterlist sgin, sgout;
+ 	struct skcipher_request *req;
+-	unsigned char sec_key[CIFS_SESS_KEY_SIZE]; /* a nonce */
++	unsigned char *sec_key;
++
++	sec_key = kmalloc(CIFS_SESS_KEY_SIZE, GFP_KERNEL);
++	if (sec_key == NULL)
++		return -ENOMEM;
+ 
+ 	get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE);
+ 
+@@ -816,7 +820,7 @@ calc_seckey(struct cifs_ses *ses)
+ 	if (IS_ERR(tfm_arc4)) {
+ 		rc = PTR_ERR(tfm_arc4);
+ 		cifs_dbg(VFS, "could not allocate crypto API arc4\n");
+-		return rc;
++		goto out;
+ 	}
+ 
+ 	rc = crypto_skcipher_setkey(tfm_arc4, ses->auth_key.response,
+@@ -854,7 +858,8 @@ calc_seckey(struct cifs_ses *ses)
+ 
+ out_free_cipher:
+ 	crypto_free_skcipher(tfm_arc4);
+-
++out:
++	kfree(sec_key);
+ 	return rc;
+ }
+ 
diff --git a/gitrev b/gitrev
index d09f7f0..b4a52f2 100644
--- a/gitrev
+++ b/gitrev
@@ -1 +1 @@
-81bcfe5e48f9b8c42cf547f1c74c7f60c44c34c8
+961b708e95181041f403251f660bc70be3ff6ba3
diff --git a/kernel.spec b/kernel.spec
index e09427f..288b837 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -69,7 +69,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %global rcrev 5
 # The git snapshot level
-%define gitrev 2
+%define gitrev 3
 # Set rpm version accordingly
 %define rpmversion 4.%{upstream_sublevel}.0
 %endif
@@ -617,6 +617,8 @@ Patch665: netfilter-x_tables-deal-with-bogus-nextoffset-values.patch
 #ongoing complaint, full discussion delayed until ksummit/plumbers
 Patch849: 0001-iio-Use-event-header-from-kernel-tree.patch
 
+Patch850: Fix-BUG-in-calc_seckey.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -2155,6 +2157,10 @@ fi
 #
 #
 %changelog
+* Thu Nov 17 2016 Laura Abbott <labbott@redhat.com> - 4.9.0-0.rc5.git3.1
+- Linux v4.9-rc5-213-g961b708
+- Fix CIFS bug with VMAP_STACK
+
 * Wed Nov 16 2016 Laura Abbott <labbott@redhat.com> - 4.9.0-0.rc5.git2.1
 - Linux v4.9-rc5-177-g81bcfe5
 
diff --git a/sources b/sources
index 66885f2..ffd459a 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,4 @@
 c1af0afbd3df35c1ccdc7a5118cd2d07  linux-4.8.tar.xz
 0dad03f586e835d538d3e0d2cbdb9a28  perf-man-4.8.tar.gz
 fd321483a21a5aec8b8795be3b2a292b  patch-4.9-rc5.xz
-43d5b4731f077459109880c329c9639d  patch-4.9-rc5-git2.xz
+899359ca82c956d4bd94b0ba48d730ac  patch-4.9-rc5-git3.xz