diff --git a/lib/sandbox/sandbox.go b/lib/sandbox/sandbox.go
index a12a96ef..0b590586 100644
--- a/lib/sandbox/sandbox.go
+++ b/lib/sandbox/sandbox.go
@@ -485,6 +485,8 @@ func (s *Sandbox) NetNsRemove() error {
 		return err
 	}
 
+	s.netns.closed = true
+
 	if s.netns.restored {
 		// we got namespaces in the form of
 		// /var/run/netns/cni-0d08effa-06eb-a963-f51a-e2b0eceffc5d
@@ -505,6 +507,5 @@ func (s *Sandbox) NetNsRemove() error {
 		}
 	}
 
-	s.netns.closed = true
 	return nil
 }
diff --git a/server/sandbox_stop.go b/server/sandbox_stop.go
index 31e51694..5bd24d15 100644
--- a/server/sandbox_stop.go
+++ b/server/sandbox_stop.go
@@ -49,13 +49,6 @@ func (s *Server) StopPodSandbox(ctx context.Context, req *pb.StopPodSandboxReque
 		return resp, nil
 	}
 
-	// Clean up sandbox networking and close its network namespace.
-	hostNetwork := sb.NetNsPath() == ""
-	s.networkStop(hostNetwork, sb)
-	if err := sb.NetNsRemove(); err != nil {
-		return nil, err
-	}
-
 	podInfraContainer := sb.InfraContainer()
 	containers := sb.Containers().List()
 	containers = append(containers, podInfraContainer)
@@ -77,6 +70,13 @@ func (s *Server) StopPodSandbox(ctx context.Context, req *pb.StopPodSandboxReque
 		s.ContainerStateToDisk(c)
 	}
 
+	// Clean up sandbox networking and close its network namespace.
+	hostNetwork := sb.NetNsPath() == ""
+	s.networkStop(hostNetwork, sb)
+	if err := sb.NetNsRemove(); err != nil {
+		return nil, err
+	}
+
 	if err := label.ReleaseLabel(sb.ProcessLabel()); err != nil {
 		return nil, err
 	}
@@ -97,6 +97,7 @@ func (s *Server) StopPodSandbox(ctx context.Context, req *pb.StopPodSandboxReque
 			}
 		}
 	}
+
 	if err := s.StorageRuntimeServer().StopContainer(sb.ID()); err != nil && errors.Cause(err) != storage.ErrContainerUnknown {
 		logrus.Warnf("failed to stop sandbox container in pod sandbox %s: %v", sb.ID(), err)
 	}