CVE-2020-1054
Information
- Shortly after the read, a write is made, which allows an out-of-bounds write and might lead to local privilege escalation.
- The crash occurs at win32kfull!vStrWrite01+0x212 as a result of a non-paged pointer dereference.
BugCheck:
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try except.
Typically the address is just plain bad or it is pointing at freed memory. Arguments:
Arg1: fffffed68ca0d000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffffea0a686b9d2, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 0000000000000002, (reserved)
Stack at crash:
nt!DbgBreakPointWithStatus
nt!KiBugCheckDebugBreak+0x12
nt!KeBugCheck2+0x952
nt!KeBugCheckEx+0x107
nt!MiSystemFault+0x1d6966
nt!MmAccessFault+0x34f
nt!KiPageFault+0x360
win32kfull!vStrWrite01+0x212
win32kfull!EngStretchBltNew+0xc89
win32kfull!EngStretchBlt+0xd1
win32kfull!EngStretchBltROP+0x158
win32kfull!BLTRECORD::bStretch+0x37f
win32kfull!GreStretchBltInternal+0x721
win32kfull!BltIcon+0x106
win32kfull!_DrawIconEx+0x1b1
win32kfull!NtUserDrawIconEx+0xc2
nt!KiSystemServiceCopyEnd+0x25
win32u!NtUserDrawIconEx+0x14
USER32!DrawIconEx+0xbf
repro+0x1095
Registers:
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffed68ca0d000 rsi=0000000000000000 rdi=0000000000000000
rip=fffffea0a686b9d2 rsp=ffffa182124ee9b0 rbp=ffffa182124eea19
r8=fffffed58a19efa0 r9=0000000000000020 r10=fffffea0a6800000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po cy
win32kfull!vStrWrite01+0x212:
fffffea0`a686b9d2 458b7500 mov r14d,dword ptr [r13] ds:00000000`00000000=????????
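The bugcheck arguments and stack above can be triaged mechanically. The following Python helper is an added example, not part of the original report or its PoC: it parses a 0x50 report in the format shown, extracts the referenced address and the read/write flag, locates the frame that faulted and the syscall that entered the kernel, and flags a page-aligned fault address, which is consistent with a Driver Verifier special-pool overrun (the allocation ends at a page boundary and the next page is unmapped). The sample input is constructed from the report text.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the bugcheck block and part of the stack from this report.
SAMPLE = """PAGE_FAULT_IN_NONPAGED_AREA (50)
Arg1: fffffed68ca0d000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffffea0a686b9d2, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 0000000000000002, (reserved)
Stack at crash:
nt!MmAccessFault+0x34f
nt!KiPageFault+0x360
win32kfull!vStrWrite01+0x212
win32kfull!EngStretchBltNew+0xc89
win32kfull!NtUserDrawIconEx+0xc2
nt!KiSystemServiceCopyEnd+0x25
win32u!NtUserDrawIconEx+0x14
"""

@dataclass
class Triage:
    referenced: int               # Arg1: the bad address
    is_write: bool                # Arg2: 1 = write, 0 = read
    instruction: int              # Arg3: address of the faulting instruction
    faulting_frame: str           # first frame below the page-fault handler
    syscall_entry: Optional[str]  # kernel frame just above the user/kernel transition
    page_aligned: bool            # True when the access hit the first byte of a page

# One "module!symbol+0xoff" stack frame per line (offset optional).
FRAME_RE = re.compile(r"^([A-Za-z0-9_]+![\w:]+(?:\+0x[0-9a-fA-F]+)?)$", re.M)

def parse_bugcheck_50(text: str) -> Triage:
    """Pull the four 0x50 arguments and locate the faulting frame in the stack."""
    if "(50)" not in text.splitlines()[0]:
        raise ValueError("not a PAGE_FAULT_IN_NONPAGED_AREA (0x50) report")
    args = {int(n): int(v, 16) for n, v in re.findall(r"Arg(\d): ([0-9a-fA-F]{16})", text)}
    frames = FRAME_RE.findall(text)
    # Frames above nt!KiPageFault belong to the fault-handling path; the frame
    # immediately after it is the code that touched the bad address.
    pf = next(i for i, f in enumerate(frames) if f.startswith("nt!KiPageFault"))
    faulting = frames[pf + 1]
    # The frame preceding nt!KiSystemServiceCopyEnd is the syscall that entered the kernel.
    sc = next((frames[i - 1] for i, f in enumerate(frames)
               if f.startswith("nt!KiSystemServiceCopyEnd")), None)
    return Triage(args[1], args[2] == 1, args[3], faulting, sc, args[1] & 0xFFF == 0)
```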
Reproduce:
- Compile the attached PoC and copy it to the target machine
- Enable verifier flag 0x1 for the win32k drivers
- Run the compiled PoC; the machine will crash with a BSOD
PoC:
attached
Attachments:
repro.c
References:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1054
https://research.checkpoint.com/2020/bugs-on-the-windshield-fuzzing-the-windows-kernel/