Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#44756 - [linux] rtlwifi null pointer dereference crashes kernel
Attached to Project:
Arch Linux
Opened by Reno Reckling (exi) - Tuesday, 28 April 2015, 10:00 GMT
Last edited by Eli Schwartz (eschwartz) - Monday, 02 October 2017, 19:34 GMT
Details

Description:
In kernel testing/linux 4.0-2 with an RTL8188CE wifi controller using the rtl8192ce driver, sharing my network connection via wifi with network manager leads to a kernel crash due to a null pointer dereference:

Apr 28 11:33:19 bugbox kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000006
Apr 28 11:33:19 bugbox kernel: IP: [<ffffffffa07a799e>] rtl_get_tcb_desc+0x5e/0x770 [rtlwifi]
Apr 28 11:33:19 bugbox kernel: PGD 408898067 PUD 40997e067 PMD 0
Apr 28 11:33:19 bugbox kernel: Oops: 0002 [#1] PREEMPT SMP
Apr 28 11:33:19 bugbox kernel: Modules linked in: fuse snd_hda_codec_hdmi btrfs joydev mousedev xor raid6_pq snd_hda_codec_realtek snd_hda_codec_generic bridge stp ipt_MASQUERADE llc nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat xt_tcpudp nf_conntrack_ipv4 nf_def
Apr 28 11:33:19 bugbox kernel: drm_kms_helper libps2 ablk_helper snd_hda_codec mac_hid cryptd evdev cfg80211 drm i2c_i801 e1000e pcspkr snd_hwdep snd_pcm i2c_algo_bit mei_me i2c_core lpc_ich thinkpad_acpi snd_timer wmi ptp thermal nvram mei rfkill i8042 snd hwmon tpm_ti
Apr 28 11:33:19 bugbox kernel: CPU: 2 PID: 485 Comm: wpa_supplicant Tainted: G O 4.0.0-2-ARCH #1
Apr 28 11:33:19 bugbox kernel: Hardware name: LENOVO 2441CTO/2441CTO, BIOS G5ETA0WW (2.60 ) 08/22/2014
Apr 28 11:33:19 bugbox kernel: task: ffff880408a30000 ti: ffff880408c28000 task.ti: ffff880408c28000
Apr 28 11:33:19 bugbox kernel: RIP: 0010:[<ffffffffa07a799e>] [<ffffffffa07a799e>] rtl_get_tcb_desc+0x5e/0x770 [rtlwifi]
Apr 28 11:33:19 bugbox kernel: RSP: 0018:ffff880408c2b6a8 EFLAGS: 00010086
Apr 28 11:33:19 bugbox kernel: RAX: 0000000000000000 RBX: ffff880408a406a0 RCX: 0000000000000000
Apr 28 11:33:19 bugbox kernel: RDX: 0000000000000000 RSI: ffff880408a42028 RDI: ffff880408a406a0
Apr 28 11:33:19 bugbox kernel: RBP: ffff880408c2b6e8 R08: 0000000000000000 R09: 0000000000000000
Apr 28 11:33:19 bugbox kernel: R10: ffffffffa07c7000 R11: ffffffff818278c0 R12: ffff8803e29d6e28
Apr 28 11:33:19 bugbox kernel: R13: ffff88040154f960 R14: 0000000000000080 R15: ffff880408a41ae0
Apr 28 11:33:19 bugbox kernel: FS: 00007f0b8b80c700(0000) GS:ffff88041dc80000(0000) knlGS:0000000000000000
Apr 28 11:33:19 bugbox kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 28 11:33:19 bugbox kernel: CR2: 0000000000000006 CR3: 0000000403afb000 CR4: 00000000001407e0
Apr 28 11:33:19 bugbox kernel: Stack:
Apr 28 11:33:19 bugbox kernel: ffff8803e29d6e30 000000010154f960 ffff880408c2b6e8 ffff880408a41ae0
Apr 28 11:33:19 bugbox kernel: ffff88040154f960 ffff880037656000 ffff880408a406a0 0000000000000000
Apr 28 11:33:19 bugbox kernel: ffff880408c2b768 ffffffffa06cc756 ffff880408c2b780 0000000000000000
Apr 28 11:33:19 bugbox kernel: Call Trace:
Apr 28 11:33:19 bugbox kernel: [<ffffffffa06cc756>] rtl92ce_tx_fill_desc+0x1a6/0x740 [rtl8192ce]
Apr 28 11:33:19 bugbox kernel: [<ffffffffa06f1123>] ? rate_control_get_rate+0xd3/0xe0 [mac80211]
Apr 28 11:33:19 bugbox kernel: [<ffffffffa07c3b02>] rtl_pci_tx+0x1a2/0x440 [rtl_pci]
Apr 28 11:33:19 bugbox kernel: [<ffffffffa07abb1e>] rtl_op_bss_info_changed+0x50e/0x820 [rtlwifi]
Apr 28 11:33:19 bugbox kernel: [<ffffffffa06d7e2e>] ieee80211_bss_info_change_notify+0xbe/0x210 [mac80211]
Apr 28 11:33:19 bugbox kernel: [<ffffffffa06f7690>] ieee80211_start_ap+0x400/0x4c0 [mac80211]
Apr 28 11:33:19 bugbox kernel: [<ffffffffa05a63bf>] nl80211_start_ap+0x32f/0x630 [cfg80211]
Apr 28 11:33:19 bugbox kernel: [<ffffffff814a0247>] genl_family_rcv_msg+0x1e7/0x3f0
Apr 28 11:33:19 bugbox kernel: [<ffffffff81569572>] ? __schedule+0x382/0xa00
Apr 28 11:33:19 bugbox kernel: [<ffffffff814a0450>] ? genl_family_rcv_msg+0x3f0/0x3f0
Apr 28 11:33:19 bugbox kernel: [<ffffffff814a04c9>] genl_rcv_msg+0x79/0xc0
Apr 28 11:33:19 bugbox kernel: [<ffffffff8149f439>] netlink_rcv_skb+0xb9/0xe0
Apr 28 11:33:19 bugbox kernel: [<ffffffff814a004c>] genl_rcv+0x2c/0x40
Apr 28 11:33:19 bugbox kernel: [<ffffffff8149eac0>] netlink_unicast+0x120/0x1b0
Apr 28 11:33:19 bugbox kernel: [<ffffffff8149f154>] netlink_sendmsg+0x534/0x640
Apr 28 11:33:19 bugbox kernel: [<ffffffff81450a22>] do_sock_sendmsg+0x52/0x80
Apr 28 11:33:19 bugbox kernel: [<ffffffff81452020>] ___sys_sendmsg+0x330/0x340
Apr 28 11:33:19 bugbox kernel: [<ffffffff8118c166>] ? handle_mm_fault+0xc76/0x1750
Apr 28 11:33:19 bugbox kernel: [<ffffffff81212d7c>] ? fsnotify+0x3ac/0x580
Apr 28 11:33:19 bugbox kernel: [<ffffffff814531e1>] __sys_sendmsg+0x51/0x90
Apr 28 11:33:19 bugbox kernel: [<ffffffff81453232>] SyS_sendmsg+0x12/0x20
Apr 28 11:33:19 bugbox kernel: [<ffffffff8156d8c9>] system_call_fastpath+0x12/0x17
Apr 28 11:33:19 bugbox kernel: Code: 0f 88 37 04 00 00 0f b6 76 04 48 8b 4f 38 48 8b b4 f1 d8 00 00 00 48 8d 0c 40 48 8b 46 08 48 8d 04 88 48 85 c0 74 08 0f b7 40 06 <41> 88 40 06 44 89 f0 83 e0 0c 66 83 f8 08 74 32 41 0f b6 40 03
Apr 28 11:33:19 bugbox kernel: RIP [<ffffffffa07a799e>] rtl_get_tcb_desc+0x5e/0x770 [rtlwifi]

Additional info:
* testing/linux 4.0-2

Steps to reproduce:
Configure network sharing in network-manager, enable the sharing, system freezes instantly.
Closed by Eli Schwartz (eschwartz)
Monday, 02 October 2017, 19:34 GMT
Reason for closing: Fixed
Additional comments about closing: appears to have been fixed upstream
Comment by Doug Newgard (Scimmia) -
Tuesday, 28 April 2015, 14:18 GMT
Sounds like something you'd have to report upstream.
Comment by Reno Reckling (exi) -
Tuesday, 28 April 2015, 14:24 GMT
upstream bug: https://bugzilla.kernel.org/show_bug.cgi?id=97441#c0
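
Added example (not part of the original report, the tracker, or any kernel tooling): a small Python triage of the oops quoted in the task description. It decodes the x86 page-fault error code after "Oops:" and extracts the fault address, the faulting symbol and the reliable call chain. The names decode_error_code and triage are illustrative, and SAMPLE is an excerpt of the log lines from the report.

```python
import re

# Excerpt of the oops lines quoted in the report above.
SAMPLE = """\
Apr 28 11:33:19 bugbox kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000006
Apr 28 11:33:19 bugbox kernel: IP: [<ffffffffa07a799e>] rtl_get_tcb_desc+0x5e/0x770 [rtlwifi]
Apr 28 11:33:19 bugbox kernel: Oops: 0002 [#1] PREEMPT SMP
Apr 28 11:33:19 bugbox kernel: Call Trace:
Apr 28 11:33:19 bugbox kernel: [<ffffffffa06cc756>] rtl92ce_tx_fill_desc+0x1a6/0x740 [rtl8192ce]
Apr 28 11:33:19 bugbox kernel: [<ffffffffa06f1123>] ? rate_control_get_rate+0xd3/0xe0 [mac80211]
Apr 28 11:33:19 bugbox kernel: [<ffffffffa07c3b02>] rtl_pci_tx+0x1a2/0x440 [rtl_pci]
Apr 28 11:33:19 bugbox kernel: [<ffffffffa05a63bf>] nl80211_start_ap+0x32f/0x630 [cfg80211]
Apr 28 11:33:19 bugbox kernel: [<ffffffff814a0247>] genl_family_rcv_msg+0x1e7/0x3f0
Apr 28 11:33:19 bugbox kernel: RIP [<ffffffffa07a799e>] rtl_get_tcb_desc+0x5e/0x770 [rtlwifi]
"""

PREFIX = re.compile(r"^.*? kernel: ")  # journal timestamp/host prefix
FRAME = re.compile(r"\[<[0-9a-f]{16}>\] (\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?$")

def decode_error_code(code):
    """Decode the x86 page-fault error code printed after 'Oops:'."""
    return {"page": "protection violation" if code & 1 else "not present",
            "access": "write" if code & 2 else "read",
            "mode": "user" if code & 4 else "kernel"}

def triage(log):
    """Extract fault address, access type, faulting symbol and reliable call chain."""
    report, in_trace = {"trace": []}, False
    for raw in log.splitlines():
        msg = PREFIX.sub("", raw, count=1).strip()
        if m := re.match(r"BUG: unable to handle kernel .* at ([0-9a-f]+)$", msg):
            report["fault_addr"] = int(m.group(1), 16)
            # An address inside the first page is a small offset from a NULL base pointer.
            report["null_deref"] = report["fault_addr"] < 0x1000
        elif m := re.match(r"Oops: ([0-9a-f]{4})\b", msg):
            report["error"] = decode_error_code(int(m.group(1), 16))
        elif msg.startswith("IP: ") and (m := FRAME.match(msg[4:])):
            report["fault_site"] = (m.group(2), m.group(3))  # (symbol, module)
        elif msg == "Call Trace:":
            in_trace = True
        elif in_trace and (m := FRAME.match(msg)):
            if not m.group(1):  # '?' marks an unreliable frame; skip it
                report["trace"].append((m.group(2), m.group(3)))
        else:
            in_trace = False
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For this report the result is a kernel-mode write to a not-present page at offset 6 from a NULL base, faulting in rtl_get_tcb_desc (rtlwifi) on the path entered through nl80211_start_ap.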