From a9f492b605e8e18966a632169c0399e4d75986c6 Mon Sep 17 00:00:00 2001
From: Eladash <elad3356p@gmail.com>
Date: Tue, 17 Mar 2020 05:08:02 +0200
Subject: [PATCH] sys_spu: Fix oops in sys_raw_spu_destroy after #7782

'id' is not the idm id, also explicitly join the thread so a situation where the thread is still active and communicating other threads (e.g via MMIO or MFC) yet its ID is removed won't happen. (logic breakage, destroyed thread can't be  active)
---
 rpcs3/Emu/Cell/lv2/sys_spu.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/rpcs3/Emu/Cell/lv2/sys_spu.cpp b/rpcs3/Emu/Cell/lv2/sys_spu.cpp
index beff6092e3..28ebbd6c42 100644
--- a/rpcs3/Emu/Cell/lv2/sys_spu.cpp
+++ b/rpcs3/Emu/Cell/lv2/sys_spu.cpp
@@ -1690,7 +1690,9 @@ error_code sys_raw_spu_destroy(ppu_thread& ppu, u32 id)
 
 	sys_spu.warning("sys_raw_spu_destroy(id=%d)", id);
 
-	auto thread = idm::get<named_thread<spu_thread>>(spu_thread::find_raw_spu(id), [](named_thread<spu_thread>& thread)
+	const u32 idm_id = spu_thread::find_raw_spu(id);
+
+	auto thread = idm::get<named_thread<spu_thread>>(idm_id, [](named_thread<spu_thread>& thread)
 	{
 		// Stop thread
 		thread.state += cpu_flag::exit;
@@ -1745,7 +1747,9 @@ error_code sys_raw_spu_destroy(ppu_thread& ppu, u32 id)
 			idm::remove_verify<lv2_obj, lv2_int_serv>(pair.second, std::move(pair.first));
 	}
 
-	if (!idm::remove_verify<named_thread<spu_thread>>(id, std::move(thread)))
+	(*thread)();
+
+	if (!idm::remove_verify<named_thread<spu_thread>>(idm_id, std::move(thread)))
 	{
 		// Other thread destroyed beforehead
 		return CELL_ESRCH;