diff --git a/syscall/task.c b/syscall/task.c
index e164d44..ee3395d 100644
--- a/syscall/task.c
+++ b/syscall/task.c
@@ -540,18 +540,19 @@ kern_status_t sys_task_duplicate(
 		return status;
 	}
 
-	schedule_thread_on_cpu(new_thread);
-
 	child_handle_slot->h_object = &new_task->t_base;
-	space_handle_slot->h_object = &new_task->t_address_space->s_base;
+	space_handle_slot->h_object
+		= object_ref(&new_task->t_address_space->s_base);
 	task_unlock_irqrestore(self, flags);
 
-	*out_task = child_handle;
-	*out_address_space = space_handle;
-
 	/* clear TLB */
 	pmap_switch(self->t_pmap);
 	put_current_task(self);
 
+	*out_task = child_handle;
+	*out_address_space = space_handle;
+
+	schedule_thread_on_cpu(new_thread);
+
 	return KERN_OK;
 }