NULL pointer dereference error with Wilink8 R8.6 on ProcessorSDK 1.03 on AM335x

Customer reporting a NULL pointer dereference error with  Wilink8 R8.6 on ProcessorSDK 1.03 on AM335x on their own hardware.

It involves a call to cfg80211_prepare_cqm() with the first argument ‘dev’ (R0) being null.  dev comes from sdata->dev in ieee80211_cqm_rssi_notify() and sdata comes from vif_to_sdata(vif).  vif is passed in from wlcore_event_rssi_trigger() which is an interrupt handler.  vif there comes from wl12xx_for_each_wlvif_sta(wl, wlvif). 

Anyone seen this error before? How to debug?

Initial error below (can provide full dmesg if needed).

[1912400.918442] wlan0: deauthenticated from 4c:60:de:fd:55:c6 (Reason: 7=CLASS3_FRAME_FROM_NONASSOC_STA)

[1912400.978910] cfg80211: Calling CRDA to update world regulatory domain

[1912401.048290] Unable to handle kernel NULL pointer dereference at virtual address 000001ac

[1912401.057033] pgd = c0004000

[1912401.060067] [000001ac] *pgd=00000000

[1912401.064048] Internal error: Oops: 17 [#1] ARM

[1912401.068813] Modules linked in: usb_f_ecm g_ether usb_f_rndis libcomposite u_ether wl18xx(O) wlcore(O) mac80211(O) cfg80211(O) wakeup_source sync_out....wlcore_sdio(O) compat(O) ir

[1912401.090128] CPU: 0 PID: 1434 Comm: irq/175-wl18xx Tainted: G        W  O 3.14.43+ #5

[1912401.098458] task: c428d880 ti: c5fc4000 task.ti: c5fc4000

[1912401.104449] PC is at cfg80211_prepare_cqm+0x10/0x148 [cfg80211]

[1912401.110857] LR is at cfg80211_cqm_rssi_notify+0x28/0x7c [cfg80211]

[1912401.117486] pc : [<bf0491e8>]    lr : [<bf04d6c4>]    psr: 600f0113

[1912401.117486] sp : c5fc5d98  ip : c5fc5dc8  fp : c5fc5dc4

[1912401.129821] r10: c40b7d40  r9 : bf114e7c  r8 : c40e5360

[1912401.135449] r7 : 00000002  r6 : 000000d0  r5 : c40e5480  r4 : 00000001

[1912401.142436] r3 : 00000000  r2 : 000000d0  r1 : 00000000  r0 : 00000000

[1912401.149427] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel

[1912401.157299] Control: 10c5387d  Table: 85da0019  DAC: 00000015

[1912401.163529] Process irq/175-wl18xx (pid: 1434, stack limit = 0xc5fc4238)

[1912401.170761] Stack: (0xc5fc5d98 to 0xc5fc6000)

[1912401.175532] 5d80:                                                       c5fc5dcc c5fc5da8