Bug 54281 - kernel NULL pointer dereference on deleting a vlan interface
Status: CLOSED OBSOLETE
Alias: None
Product: Networking
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: P1 high
Assignee: Stephen Hemminger
Reported: 2013-02-23 06:31 UTC by Syam
Modified: 2013-11-04 21:44 UTC

Kernel Version: 2.6.32
Regression: No

Description Syam 2013-02-23 06:31:05 UTC
I managed to trigger a NULL pointer dereference, perhaps through incorrect usage of the "ip" tool.

I will be happy to provide more details if necessary. Here is the backtrace for now.

# ip link  del em1.57
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffffa03c356f>] garp_uninit_applicant+0x2f/0xd0 [garp]
PGD 47ce2f1067 PUD 47cbc15067 PMD 0 
Oops: 0000 [#1] SMP 
last sysfs file: /sys/devices/system/cpu/cpu23/cache/index2/shared_cpu_map
CPU 15 
Modules linked in: bridge xt_comment ipt_LOG xt_limit fuse bonding 8021q garp stp llc ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter ip_tables ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 xfs exportfs power_meter dcdbas microcode sb_edac edac_core iTCO_wdt iTCO_vendor_support shpchp sg tg3 ext4 mbcache jbd2 sr_mod cdrom sd_mod crc_t10dif ahci wmi megaraid_sas dm_mirror dm_region_hash dm_log dm_mod [last unloaded: speedstep_lib]

Pid: 27564, comm: ip Not tainted 2.6.32-279.el6.x86_64 #1 Dell Inc. PowerEdge R720/0VWT90
RIP: 0010:[<ffffffffa03c356f>]  [<ffffffffa03c356f>] garp_uninit_applicant+0x2f/0xd0 [garp]
RSP: 0018:ffff8847ce2e38a8  EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff8823cdc8e020 RCX: ffff8847cc6c0080
RDX: ffffffff81b12200 RSI: ffffffffa03cfa20 RDI: ffff8823cdc8e020
RBP: ffff8847ce2e38c8 R08: ffffffff81b12200 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8823cdc8e020
R13: ffffffffa03cfa20 R14: 0000000000000000 R15: ffff8823cdab26c0
FS:  00007fe26eef1700(0000) GS:ffff8824aece0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 00000047cce94000 CR4: 00000000000406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process ip (pid: 27564, threadinfo ffff8847ce2e2000, task ffff8847cc6c0080)
Stack:
 ffff8823cdc8e020 0000000000000039 ffff8847cf7b4020 ffffffffa0141d80
<d> ffff8847ce2e38d8 ffffffffa03ce085 ffff8847ce2e3918 ffffffffa03cb420
<d> 00000000ffffffa6 ffffffff8200cec0 ffff8847cc914810 0000000000000001
Call Trace:
 [<ffffffffa03ce085>] vlan_gvrp_uninit_applicant+0x15/0x20 [8021q]
 [<ffffffffa03cb420>] unregister_vlan_dev+0xf0/0x190 [8021q]
 [<ffffffff81448ae0>] rtnl_dellink+0xd0/0x110
 [<ffffffff81448837>] rtnetlink_rcv_msg+0x177/0x290
 [<ffffffff814486c0>] ? rtnetlink_rcv_msg+0x0/0x290
 [<ffffffff81463df9>] netlink_rcv_skb+0xa9/0xd0
 [<ffffffff814486a5>] rtnetlink_rcv+0x25/0x40
 [<ffffffff81463a56>] netlink_unicast+0x2e6/0x300
 [<ffffffff814643e0>] netlink_sendmsg+0x200/0x2e0
 [<ffffffff81428003>] sock_sendmsg+0x123/0x150
 [<ffffffff810920d0>] ? autoremove_wake_function+0x0/0x40
 [<ffffffff81427c24>] ? move_addr_to_kernel+0x64/0x70
 [<ffffffff81429b56>] __sys_sendmsg+0x406/0x420
 [<ffffffff8104452c>] ? __do_page_fault+0x1ec/0x480
 [<ffffffff8114328b>] ? vma_link+0x9b/0xf0
 [<ffffffff811453bc>] ? do_brk+0x26c/0x350
 [<ffffffff81429d79>] sys_sendmsg+0x49/0x90
 [<ffffffff8100b0f2>] system_call_fastpath+0x16/0x1b
Code: 48 83 ec 20 48 89 1c 24 4c 89 64 24 08 4c 89 6c 24 10 4c 89 74 24 18 0f 1f 44 00 00 8b 06 4c 8b b7 28 04 00 00 49 89 fc 49 89 f5 <49> 8b 1c c6 e8 38 46 08 e1 85 c0 74 6f 41 8b 45 00 49 c7 04 c6 
RIP  [<ffffffffa03c356f>] garp_uninit_applicant+0x2f/0xd0 [garp]
 RSP <ffff8847ce2e38a8>
CR2: 0000000000000000
Comment 1 Alan 2013-11-04 21:43:56 UTC
2.6.32 is long obsolete
