diff --git a/.vscode/settings.json b/.vscode/settings.json
index c4a542192..5b6bf9c5d 100755
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -68,7 +68,8 @@
         "irq_sender.h": "c",
         "timer.h": "c",
         "arm_local_reg.h": "c",
-        "thread_task_arch.h": "c"
+        "thread_task_arch.h": "c",
+        "mm_space.h": "c"
     },
     "cortex-debug.showRTOS": false,
     "cortex-debug.variableUseNaturalFormat": false,
diff --git a/mkrtos_knl/arch/aarch64/mm_space.c b/mkrtos_knl/arch/aarch64/mm_space.c
index 3b7d0b89b..613eba0cc 100644
--- a/mkrtos_knl/arch/aarch64/mm_space.c
+++ b/mkrtos_knl/arch/aarch64/mm_space.c
@@ -20,8 +20,8 @@ int mm_space_init(mm_space_t *mm_space, int is_knl)
     int ret = 0;
 
     page_entry_init(&mm_space->mem_dir);
-    mm_space->asid = global_asid++;
     ret = task_vma_init(&mm_space->mem_vma);
+    mm_space->asid = global_asid++;
 
     return ret;
 }
diff --git a/mkrtos_knl/arch/aarch64/sche_arch.c b/mkrtos_knl/arch/aarch64/sche_arch.c
index ee19a761e..5752c1728 100644
--- a/mkrtos_knl/arch/aarch64/sche_arch.c
+++ b/mkrtos_knl/arch/aarch64/sche_arch.c
@@ -17,7 +17,8 @@ static void sw_mmu(thread_t *next_thread)
         write_sysreg(p_next_dir | (next_task->mm_space.asid << 48) /*TODO:*/, vttbr_el2); // 切换用户态页表
         _dsb(ish);
         _isb();
-        asm volatile("ic iallu");
+        // printk("asid:%lx.\n", (next_task->mm_space.asid << 48));
+        // asm volatile("ic iallu");
 
         // mword_t vttbr;
         // // FIXME: could do a compare for the current VMID before loading
diff --git a/mkrtos_knl/arch/aarch64/thread_armv8.c b/mkrtos_knl/arch/aarch64/thread_armv8.c
index 7582ca1b4..69360b80e 100644
--- a/mkrtos_knl/arch/aarch64/thread_armv8.c
+++ b/mkrtos_knl/arch/aarch64/thread_armv8.c
@@ -1,12 +1,12 @@
 
 
-#include <types.h>
-#include <task.h>
-#include <thread.h>
 #include <esr.h>
 #include <syscall.h>
-#include <vma.h>
+#include <task.h>
+#include <thread.h>
 #include <thread_knl.h>
+#include <types.h>
+#include <vma.h>
 umword_t thread_get_pfa(void)
 {
     umword_t a;
@@ -16,13 +16,17 @@ umword_t thread_get_pfa(void)
 }
 static void dump_stack(umword_t pc, umword_t x29)
 {
+    task_t *th = thread_get_current_task();
     uint64_t result[5];
+
     printk("pc:0x%x x29:0x%x\n", pc, x29);
-    result[0] = pc;
-    for (size_t i = 1; i < sizeof(result) / sizeof(umword_t); i++)
-    {
-        result[i] = (*(umword_t *)(x29 + 8)) - 4;
-        x29 = *(umword_t *)(x29);
+    for (size_t i = 0; i < sizeof(result) / sizeof(umword_t); i++) {
+        umword_t knl_addr;
+        knl_addr = (umword_t)mm_get_paddr(mm_space_get_pdir(&th->mm_space), ALIGN_DOWN(x29, PAGE_SIZE), PAGE_SHIFT) + (x29 - ALIGN_DOWN(x29, PAGE_SIZE));
+        if (knl_addr) {
+            result[i] = (*(umword_t *)(knl_addr + 8)) - 4;
+            x29 = *(umword_t *)(knl_addr);
+        }
     }
     printk("knl pf stack: 0x%x,0x%x,0x%x,0x%x,0x%x\n", result[0], result[1], result[2], result[3], result[4]);
 }
@@ -32,29 +36,23 @@ void thread_sync_entry(entry_frame_t *regs)
     thread_t *th = thread_get_current();
     task_t *tk = thread_get_bind_task(th);
 
-    switch (ec)
-    {
-    case 0x20:
-    {
+    switch (ec) {
+    case 0x20: {
         mword_t addr = thread_get_pfa();
 
-        if (task_vma_page_fault(&tk->mm_space.mem_vma, ALIGN_DOWN(addr, PAGE_SIZE)) < 0)
-        {
+        if (task_vma_page_fault(&tk->mm_space.mem_vma, ALIGN_DOWN(addr, PAGE_SIZE)) < 0) {
             printk("[knl]0x20 pfa:0x%x\n", addr);
-            printk("pc:0x%x x29:0x%x\n", regs->pc, regs->regs[29]);
-            // dump_stack(regs->pc, regs->regs[29]);
+            dump_stack(regs->pc, regs->regs[29]);
             task_knl_kill(th, FALSE);
         }
     }
         return;
-    case 0x24:
-    {
+    case 0x24: {
         mword_t addr = thread_get_pfa();
 
-        if (task_vma_page_fault(&tk->mm_space.mem_vma, ALIGN_DOWN(addr, PAGE_SIZE)) < 0)
-        {
+        if (task_vma_page_fault(&tk->mm_space.mem_vma, ALIGN_DOWN(addr, PAGE_SIZE)) < 0) {
             printk("[knl]0x24 pfa:0x%x\n", addr);
-            // dump_stack(regs->pc, regs->regs[29]);
+            dump_stack(regs->pc, regs->regs[29]);
             task_knl_kill(th, FALSE);
         }
     }
diff --git a/mkrtos_knl/knl/syscall.c b/mkrtos_knl/knl/syscall.c
index 38bdb51a6..71177d819 100644
--- a/mkrtos_knl/knl/syscall.c
+++ b/mkrtos_knl/knl/syscall.c
@@ -43,6 +43,7 @@ void syscall_entry(entry_frame_t *entry)
     {
         kobj->invoke_func(kobj, sys_p, msg_tag_init(entry->regs[0]), entry);
     }
+    cli();
 end:;
 #if !IS_ENABLED(CONFIG_MMU)
     addr_t u_sp = arch_get_user_sp();
diff --git a/mkrtos_user/server/init/CMakeLists.txt b/mkrtos_user/server/init/CMakeLists.txt
index f6e64a6ea..7c347f34a 100644
--- a/mkrtos_user/server/init/CMakeLists.txt
+++ b/mkrtos_user/server/init/CMakeLists.txt
@@ -38,8 +38,8 @@ set_target_properties(init.elf PROPERTIES LINK_FLAGS
 #-T ${CMAKE_CURRENT_LIST_DIR}/link.lds
 add_custom_target(
     init_dump ALL
-    # COMMAND
-    # ${CMAKE_OBJDUMP} -s -S init.elf > ${CMAKE_SOURCE_DIR}/build/output/init.S
+    COMMAND
+    ${CMAKE_OBJDUMP} -s -S init.elf > ${CMAKE_SOURCE_DIR}/build/output/init.S
     # COMMAND
     # ${CMAKE_READELF} -a init.elf > ${CMAKE_SOURCE_DIR}/build/output/init.txt
     # COMMAND