https://bugs.winehq.org/show_bug.cgi?id=48171
--- Comment #10 from Richard Yao ryao@gentoo.org ---
It just hit me after posting my last comment. What is being read is "${HOME}/.steam/steam/SteamApps/common/Proton 5.0/dist/lib64/wine/fakedlls/gdi32.dll", which is exactly 0x9be0 bytes. Coincidentally, .init starts right after it. Inside the fakedll, we have a long section of 3 repeating instructions before any useful code:
10001a7e:   00 00    add    %al,(%rax)
10001a80:   cc       int3
10001a81:   c3       retq
I am not sure what build of wine Louis Lenders used, but my guess is that it was Proton 5.0 (lucky me). Also, objdump is stubbornly displaying addresses like 0x10001a80 on the fakedll, which is consistent with Yurii Kolesnykov's backtrace.
It looks like the issue involves how the fakedll works. At the very least, the fakedll seems like the most plausible source of the code being loaded into the 0x11000-sized hole. It certainly is big enough to contain it. This might be a lead.