In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix null deref accessing lag dev
It could be the lag dev is null so stop processing the event. In bondenslave() the active/backup slave being set before setting the upper dev so first event is without an upper dev. After setting the upper dev with bondmasterupperdev_link() there is a second event and in that event we have an upper dev.