fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15. CREATE(Triage):(User=admin) [CVE-2019-18885|https://nvd.nist.gov/vuln/detail/CVE-2019-18885]