Crash when increasing max zoom

[FLHerne]

Version of OpenTTD

1.11.0

Expected result

Not crash!

Actual result

Crash. Backtrace below.

Steps to reproduce

I increased max zoom from "normal" to 4x from the settings window inside a game. OpenTTD crashed immediately.

The game contains various grfs featuring both extra-zoom (Timberwolf's) and normal-zoom sprites. All should be on BaNaNaS.

I could intermittently reproduce this by loading crash.sav and then adjusting the zoom level. Sometimes the game crashed when changing it in either direction (normal to 4x or vice versa). Sometimes I got no crash, but a "[foo] contains corrupt sprites, showing '?' instead" error dialog, where [foo] was opengfx1 in one case and timberwolf_uk in another.

crash.zip

---

[22:17][1956][flh ~/]$ coredumpctl gdb openttd
           PID: 290126 (openttd)
           UID: 1000 (flh)
           GID: 1000 (flh)
        Signal: 6 (ABRT)
     Timestamp: Thu 2021-04-08 22:16:42 BST (30s ago)
  Command Line: /usr/bin/openttd
    Executable: /usr/bin/openttd
 Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/app-openttd-482ad5bfd310439fa077616d50d287b1.scope
          Unit: user@1000.service
     User Unit: app-openttd-482ad5bfd310439fa077616d50d287b1.scope
         Slice: user-1000.slice
     Owner UID: 1000 (flh)
       Boot ID: 1b39e0514bb44d158c80d26d1a66a147
    Machine ID: 9a97fce1de8e418286c8688a37c43255
      Hostname: perran
       Storage: /var/lib/systemd/coredump/core.openttd.1000.1b39e0514bb44d158c80d26d1a66a147.290126.1617916602000000.zst (present)
     Disk Size: 11.8M
       Message: Process 290126 (openttd) of user 1000 dumped core.

warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `/usr/bin/openttd'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007fddde5bfef5 in raise () from /usr/lib/libc.so.6
[Current thread is 1 (Thread 0x7fdd9ffff640 (LWP 290152))]
(gdb) thread apply all bt

Thread 2 (Thread 0x7fdddbbaa040 (LWP 290126)):
#0  0x00007fdddeaa06e0 in __lll_lock_wait () at /usr/lib/libpthread.so.0
#1  0x00007fdddea99573 in pthread_mutex_lock () at /usr/lib/libpthread.so.0
#2  0x000055ddb0ab840d in VideoDriver::Tick() ()
#3  0x000055ddb0ab4e51 in VideoDriver_SDL_Base::MainLoop() ()
#4  0x000055ddb0bc6c21 in openttd_main(int, char**) ()
#5  0x00007fddde5aab25 in __libc_start_main () at /usr/lib/libc.so.6
#6  0x000055ddb093c28e in _start ()

Thread 1 (Thread 0x7fdd9ffff640 (LWP 290152)):
#0  0x00007fddde5bfef5 in raise () at /usr/lib/libc.so.6
#1  0x00007fddde5a9862 in abort () at /usr/lib/libc.so.6
#2  0x000055ddb0a5c809 in  ()
#3  0x00007fddde5bff80 in <signal handler called> () at /usr/lib/libc.so.6
#4  0x000055ddb0b1265b in FioReadByte() ()
#5  0x000055ddb0b12849 in FioReadDword() ()
#6  0x000055ddb0aafd7f in  ()
#7  0x000055ddb0c2a475 in  ()
#8  0x000055ddb0c2a2d1 in GetRawSprite(unsigned int, SpriteType, void* (*)(unsigned long), SpriteEncoder*) ()
#9  0x000055ddb0c9d3b6 in VehicleSpriteSeq::GetBounds(Rect*) const ()
#10 0x000055ddb0c9ecba in Vehicle::UpdateBoundingBoxCoordinates(bool) const ()
#11 0x000055ddb0c9ee07 in Vehicle::UpdateViewport(bool) ()
#12 0x000055ddb0b3ffb8 in GroundVehicle<RoadVehicle, (VehicleType)1>::UpdateInclination(bool, bool) ()
#13 0x000055ddb0bff562 in IndividualRoadVehicleController(RoadVehicle*, RoadVehicle const*) ()
#14 0x000055ddb0c01803 in RoadVehicle::Tick() ()
#15 0x000055ddb0ca1fce in CallVehicleTicks() ()
#16 0x000055ddb0bc8de2 in StateGameLoop() ()
#17 0x000055ddb0bc99b2 in GameLoop() ()
#18 0x000055ddb0ab7d0a in VideoDriver::GameLoop() ()
#19 0x000055ddb0ab7dc0 in VideoDriver::GameThread() ()
#20 0x000055ddb0ab8860 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*> > >::_M_run() ()
#21 0x00007fddde980bc4 in std::execute_native_thread_routine(void*) (__p=0x55ddb76eb530) at /build/gcc/src/gcc/libstdc++-v3/src/c++11/thread.cc:80
#22 0x00007fdddea97299 in start_thread () at /usr/lib/libpthread.so.0
#23 0x00007fddde682053 in clone () at /usr/lib/libc.so.6

[JGRennison]

Is this with OpenGL (hardware acceleration) on or off?

I managed to reproduce it once on the 1.11 release with the title save with OpenGL on and got an unusually exciting stack trace.

Stack trace

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007f02b31b8859 in __GI_abort () at abort.c:79
#2  0x000055d65563fd68 in error (s=<optimised out>) at /home/jgr/misc/openttd-stable/src/openttd.cpp:146
#3  0x000055d655760c7f in SlCalcObjMemberLength (object=<optimised out>, sld=<optimised out>) at /home/jgr/misc/openttd-stable/src/saveload/saveload.cpp:1476
#4  0x000055d65575cd9f in SlCalcObjLength (sld=0x55d658a7c8c0, object=<optimised out>) at /home/jgr/misc/openttd-stable/src/saveload/saveload.cpp:1442
#5  SlObject (object=0x7f01ecd1c990, sld=0x55d658a7c8c0) at /home/jgr/misc/openttd-stable/src/saveload/saveload.cpp:1616
#6  0x000055d65576d76c in DoSave_LGRJ (lgj=lgj@entry=0x7f01ecd1c990) at /home/jgr/misc/openttd-stable/src/saveload/linkgraph_sl.cpp:166
#7  0x000055d65575cb78 in SlAutolength (proc=0x55d65576d750 <DoSave_LGRJ(LinkGraphJob*)>, arg=0x7f01ecd1c990) at /home/jgr/misc/openttd-stable/src/saveload/saveload.cpp:1649
#8  0x000055d6557702bc in Save_LGRJ () at /home/jgr/misc/openttd-stable/src/saveload/linkgraph_sl.cpp:277
#9  0x000055d65575c019 in SlSaveChunk (ch=0x55d6559e59d0 <_linkgraph_chunk_handlers+48>) at /home/jgr/misc/openttd-stable/src/saveload/saveload.cpp:1781
#10 SlSaveChunks () at /home/jgr/misc/openttd-stable/src/saveload/saveload.cpp:1792
#11 DoSave (writer=<optimised out>, threaded=<optimised out>) at /home/jgr/misc/openttd-stable/src/saveload/saveload.cpp:2564
#12 0x000055d65575c942 in SaveOrLoad (filename=..., fop=SLO_SAVE, dft=<optimised out>, sb=NO_DIRECTORY, threaded=<optimised out>) at /home/jgr/misc/openttd-stable/src/saveload/saveload_filter.h:68
#13 0x000055d65570d674 in CrashLog::WriteSavegame (this=<optimised out>, filename=0x7f01fafe7300 "/home/jgr/.openttd/crash.sav", filename_last=<optimised out>) at /usr/include/c++/9/bits/basic_string.h:525
#14 0x000055d65570da95 in CrashLog::MakeCrashLog (this=0x7f01faff8340) at /home/jgr/misc/openttd-stable/src/crashlog.cpp:474
#15 0x000055d6557b12a2 in HandleCrash (signum=11) at /home/jgr/misc/openttd-stable/src/os/unix/crashlog_unix.cpp:172
#16 <signal handler called>
#17 0x00007f02af691ce9 in ?? () from /usr/lib/x86_64-linux-gnu/libGLdispatch.so.0
#18 0x000055d65574a7e2 in OpenGLBackend::~OpenGLBackend (this=<optimised out>, this=<optimised out>) at /home/jgr/misc/openttd-stable/src/video/opengl.cpp:501
#19 0x000055d65574a94d in OpenGLBackend::~OpenGLBackend (this=<optimised out>, this=<optimised out>) at /home/jgr/misc/openttd-stable/src/video/opengl.cpp:498
#20 0x000055d65574aa3a in OpenGLBackend::Destroy () at /home/jgr/misc/openttd-stable/src/video/opengl.cpp:484
#21 0x000055d65574aa8d in VideoDriver_SDL_OpenGL::DestroyContext (this=0x55d658521810) at /home/jgr/misc/openttd-stable/src/video/sdl2_opengl_v.cpp:86
#22 VideoDriver_SDL_OpenGL::Stop (this=0x55d658521810) at /home/jgr/misc/openttd-stable/src/video/sdl2_opengl_v.cpp:80
#23 0x000055d65563ffb2 in usererror (s=<optimised out>) at /home/jgr/misc/openttd-stable/src/sound/../driver.h:89
#24 0x000055d6555e596e in ReadSprite (sc=<optimised out>, id=723, sprite_type=<optimised out>, allocator=0x55d6555e4a10 <AllocSprite(size_t)>, encoder=0x55d658fa2490) at /home/jgr/misc/openttd-stable/src/spritecache.cpp:451
#25 0x000055d6555e5a93 in GetRawSprite (sprite=<optimised out>, type=<optimised out>, allocator=<optimised out>, encoder=<optimised out>) at /home/jgr/misc/openttd-stable/src/spritecache.cpp:904
#26 0x000055d6555e5006 in ReadSprite (sc=sc@entry=0x7f01eca5b3b0, id=id@entry=77, sprite_type=sprite_type@entry=ST_FONT, allocator=allocator@entry=0x55d6555e4a10 <AllocSprite(size_t)>, encoder=0x55d658fa2490, encoder@entry=0x0)
  at /home/jgr/misc/openttd-stable/src/spritecache.cpp:485
#27 0x000055d6555e5bb2 in GetRawSprite (sprite=77, type=<optimised out>, allocator=0x0, encoder=0x0) at /home/jgr/misc/openttd-stable/src/spritecache.cpp:899
#28 0x000055d6556e31b0 in GetSprite (type=ST_FONT, sprite=77) at /home/jgr/misc/openttd-stable/src/spritecache.h:43
#29 SpriteFontCache::GetGlyphWidth (this=0x55d65850b8f0, key=<optimised out>) at /home/jgr/misc/openttd-stable/src/fontcache.cpp:193
#30 0x000055d6556cbafc in FallbackParagraphLayout::FallbackVisualRun::FallbackVisualRun (this=<optimised out>, font=<optimised out>, chars=<optimised out>, char_count=<optimised out>, x=<optimised out>, this=<optimised out>, 
  font=<optimised out>, chars=<optimised out>, char_count=<optimised out>, x=<optimised out>) at /home/jgr/misc/openttd-stable/src/gfx_layout.cpp:346
#31 0x000055d6556cbc3e in __gnu_cxx::new_allocator<FallbackParagraphLayout::FallbackVisualRun>::construct<FallbackParagraphLayout::FallbackVisualRun, Font*&, char32_t const*&, long, int&> (this=0x7f01ecc29388, __p=0x7f01eca3ce60)
  at /usr/include/c++/9/new:174
#32 std::allocator_traits<std::allocator<FallbackParagraphLayout::FallbackVisualRun> >::construct<FallbackParagraphLayout::FallbackVisualRun, Font*&, char32_t const*&, long, int&> (__a=..., __p=0x7f01eca3ce60)
  at /usr/include/c++/9/bits/alloc_traits.h:484
#33 std::vector<FallbackParagraphLayout::FallbackVisualRun, std::allocator<FallbackParagraphLayout::FallbackVisualRun> >::_M_realloc_insert<Font*&, char32_t const*&, long, int&> (__position=..., this=0x7f01ecc29388)
  at /usr/include/c++/9/bits/vector.tcc:449
#34 std::vector<FallbackParagraphLayout::FallbackVisualRun, std::allocator<FallbackParagraphLayout::FallbackVisualRun> >::emplace_back<Font*&, char32_t const*&, long, int&> (this=0x7f01ecc29388) at /usr/include/c++/9/bits/vector.tcc:121
#35 0x000055d6556d0e73 in FallbackParagraphLayout::NextLine (this=0x7f01eccebb00, max_width=224) at /home/jgr/misc/openttd-stable/src/gfx_layout.cpp:588
#36 0x000055d6556d05d9 in Layouter::Layouter (this=<optimised out>, str=<optimised out>, maxw=<optimised out>, colour=<optimised out>, fontsize=<optimised out>, this=<optimised out>, str=<optimised out>, maxw=<optimised out>, 
  colour=<optimised out>, fontsize=<optimised out>) at /home/jgr/misc/openttd-stable/src/gfx_layout.cpp:735
#37 0x000055d6556dbb91 in GetStringHeight (str=<optimised out>, maxw=<optimised out>, fontsize=<optimised out>) at /home/jgr/misc/openttd-stable/src/gfx.cpp:691
#38 0x000055d6556dbc74 in GetStringHeight (str=<optimised out>, maxw=224) at /home/jgr/misc/openttd-stable/src/gfx.cpp:705
#39 0x000055d6556ee21b in ErrmsgWindow::UpdateWidgetSize (this=0x7f01ecbc93b0, widget=<optimised out>, size=0x7f01faff9b68, padding=..., fill=<optimised out>, resize=<optimised out>) at /home/jgr/misc/openttd-stable/src/error_gui.cpp:194
#40 0x000055d655544db0 in NWidgetLeaf::SetupSmallestSize (this=0x7f01ecbd1670, w=0x7f01ecbc93b0, init_array=<optimised out>) at /home/jgr/misc/openttd-stable/src/widget.cpp:2394
#41 0x000055d655545b20 in NWidgetVertical::SetupSmallestSize (this=0x7f01ecce4af0, w=0x7f01ecbc93b0, init_array=true) at /home/jgr/misc/openttd-stable/src/widget.cpp:1320
#42 0x000055d655544a6c in NWidgetBackground::SetupSmallestSize (this=0x7f01ecbc96b0, w=0x7f01ecbc93b0, init_array=<optimised out>) at /home/jgr/misc/openttd-stable/src/widget.cpp:1775
#43 0x000055d655545b20 in NWidgetVertical::SetupSmallestSize (this=0x7f01eca57d60, w=0x7f01ecbc93b0, init_array=true) at /home/jgr/misc/openttd-stable/src/widget.cpp:1320
#44 0x000055d65553c2b1 in Window::InitializeData (this=this@entry=0x7f01ecbc93b0, window_number=window_number@entry=0) at /home/jgr/misc/openttd-stable/src/window.cpp:1480
#45 0x000055d65553c2e6 in Window::FinishInitNested (this=0x7f01ecbc93b0, window_number=0) at /home/jgr/misc/openttd-stable/src/window.cpp:1850
#46 0x000055d6556eeeca in ErrmsgWindow::ErrmsgWindow (data=..., this=0x7f01ecbc93b0) at /home/jgr/misc/openttd-stable/src/error_gui.cpp:183
#47 ShowErrorMessage (summary_msg=2616, detailed_msg=<optimised out>, wl=<optimised out>, x=<optimised out>, y=0, textref_stack_grffile=0x0, textref_stack_size=0, textref_stack=0x0) at /home/jgr/misc/openttd-stable/src/error_gui.cpp:416
#48 0x000055d655755d0a in WarnCorruptSprite (file_slot=file_slot@entry=6 '\006', file_pos=file_pos@entry=3918216, line=line@entry=315) at /home/jgr/misc/openttd-stable/src/spriteloader/grf.cpp:40
#49 0x000055d65575670d in LoadSpriteV2 (sprite=0x7f01faffa660, file_slot=6 '\006', file_pos=3918216, sprite_type=ST_NORMAL, load_32bpp=false) at /home/jgr/misc/openttd-stable/src/spriteloader/grf.cpp:315
#50 0x000055d6555e4fdc in ReadSprite (sc=sc@entry=0x7f01eca70190, id=id@entry=2748, sprite_type=sprite_type@entry=ST_NORMAL, allocator=allocator@entry=0x55d6555e4a10 <AllocSprite(size_t)>, encoder=0x55d658fa2490, encoder@entry=0x0)
  at /home/jgr/misc/openttd-stable/src/spritecache.cpp:446
--Type <RET> for more, q to quit, c to continue without paging--
#51 0x000055d6555e5bb2 in GetRawSprite (sprite=2748, type=<optimised out>, allocator=0x0, encoder=0x0) at /home/jgr/misc/openttd-stable/src/spritecache.cpp:899
#52 0x000055d6555693ef in GetSprite (type=ST_NORMAL, sprite=<optimised out>) at /home/jgr/misc/openttd-stable/src/spritecache.h:43
#53 VehicleSpriteSeq::GetBounds (this=this@entry=0x7f01ec723730, bounds=bounds@entry=0x7f01faffa7a0) at /home/jgr/misc/openttd-stable/src/vehicle.cpp:102
#54 0x000055d6555694ae in Vehicle::UpdateBoundingBoxCoordinates (this=this@entry=0x7f01ec723570, update_cache=update_cache@entry=true) at /home/jgr/misc/openttd-stable/src/vehicle.cpp:1610
#55 0x000055d6555695fb in Vehicle::UpdateViewport (this=0x7f01ec723570, dirty=<optimised out>) at /home/jgr/misc/openttd-stable/src/vehicle.cpp:1644
#56 0x000055d65558265d in SpecializedVehicle<Train, (VehicleType)0>::UpdateViewport (update_delta=false, force_update=true, this=0x7f01ec723570) at /home/jgr/misc/openttd-stable/src/vehicle_base.h:1184
#57 SpecializedVehicle<Train, (VehicleType)0>::UpdateViewport (update_delta=false, force_update=true, this=0x7f01ec723570) at /home/jgr/misc/openttd-stable/src/vehicle_base.h:1184
#58 GroundVehicle<Train, (VehicleType)0>::UpdateInclination (update_delta=false, new_tile=<optimised out>, this=0x7f01ec723570) at /home/jgr/misc/openttd-stable/src/ground_vehicle.hpp:242
#59 TrainController (v=0x7f01ec723570, v@entry=0x7f01ec723330, nomove=nomove@entry=0x0, reverse=reverse@entry=true) at /home/jgr/misc/openttd-stable/src/train_cmd.cpp:3356
#60 0x000055d65558435a in TrainLocoHandler (mode=<optimised out>, v=0x7f01ec723330) at /home/jgr/misc/openttd-stable/src/train_cmd.cpp:3848
#61 TrainLocoHandler (v=v@entry=0x7f01ec723330, mode=mode@entry=true) at /home/jgr/misc/openttd-stable/src/train_cmd.cpp:3740
#62 0x000055d655584b46 in Train::Tick (this=0x7f01ec723330) at /home/jgr/misc/openttd-stable/src/train_cmd.cpp:3922
#63 0x000055d65556eb04 in CallVehicleTicks () at /home/jgr/misc/openttd-stable/src/vehicle.cpp:961
#64 0x000055d655645d6d in StateGameLoop () at /home/jgr/misc/openttd-stable/src/openttd.cpp:1400
#65 0x000055d6556489ff in GameLoop () at /home/jgr/misc/openttd-stable/src/openttd.cpp:1506
#66 GameLoop () at /home/jgr/misc/openttd-stable/src/openttd.cpp:1460
#67 0x000055d65574fee0 in VideoDriver::GameLoop (this=0x55d658521810) at /home/jgr/misc/openttd-stable/src/video/video_driver.cpp:36
#68 0x000055d6557502a8 in VideoDriver::GameThread (this=0x55d658521810) at /home/jgr/misc/openttd-stable/src/video/video_driver.cpp:43
#69 0x000055d65574d37d in StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}::operator()(char const*, void (*&&)(VideoDriver*), VideoDriver*&&) const (this=0x55d658e7b348, A#0=@0x55d658e7b348: 0x55d658521810, F=@0x55d658e7b350: 0x55d655750380 <VideoDriver::GameThreadThunk(VideoDriver*)>, name=<optimised out>)
  at /home/jgr/misc/openttd-stable/src/video/../thread.h:49
#70 std::__invoke_impl<void, StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*>(std::__invoke_other, StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&&&)(VideoDriver*), VideoDriver*&&)#1}, char const*&&, void (*&&)(VideoDriver*), VideoDriver*&&) (__f=...) at /usr/include/c++/9/bits/invoke.h:60
#71 std::__invoke<StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*> (__fn=...) at /usr/include/c++/9/bits/invoke.h:95
#72 std::thread::_Invoker<std::tuple<StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*> >::_M_invoke<0ul, 1ul, 2ul, 3ul>(std::_Index_tuple<0ul, 1ul, 2ul, 3ul>) (this=0x55d658e7b348) at /usr/include/c++/9/thread:244
#73 std::thread::_Invoker<std::tuple<StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*> >::operator()() (this=0x55d658e7b348) at /usr/include/c++/9/thread:251
#74 std::thread::_State_impl<std::thread::_Invoker<std::tuple<StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*> > >::_M_run() (this=0x55d658e7b340) at /usr/include/c++/9/thread:195
#75 0x00007f02b2881d84 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#76 0x00007f02b2995609 in start_thread (arg=<optimised out>) at pthread_create.c:477
#77 0x00007f02b32b5293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

WarnCorruptSprite is called, which creates an error message window, this attempts to show some text, loading a glyph sprite fails, loading the fallback sprite fails, which calls usererror, which calls VideoDriver_SDL_OpenGL::Stop which crashes inside OpenGL, there's then a crash when saving the linkgraph chunks in the crash savegame.

I suspect that this is related to the race conditions associated with cursor sprites in OpenGL (this is one of the issues in #8870).
The main/OpenGL thread unnecessarily gets the cursor sprites from the global sprite cache without holding any locks. (This isn't necessarily because the OpenGL does cache the cursor sprites along with all the required data, but it still looks up some of the sprite properties form the sprite cache each time).
As changing the zoom level clears the sprite cache, potentially both threads could end up writing sprites back into it at the same time, which would be consistent with causing an invalid state which could lead to this sort of crash.
The sprite cache, sprite processing and everything to do with fio cannot be used from more than one thread at once.

I do have a fix for the cursor issue and some of the other race conditions in my branch, but they need tidying up a bit before I can PR them.

[FLHerne]

I cannot reproduce the crash after cherry-picking the patches from #8993 onto 1.11.0.

As I could reproduce it fairly consistently with 1.11.0, that was apparently the correct fix. Thanks!