Fix golden snapshot virtio-net virtqueue corruption

[motatoes]

Summary

• Bring the host-side TAP device down before flushing the guest eth0 during golden snapshot creation
• Fixes a race where the host pushes ARP/IPv6 ND packets into the virtio-net RX ring between the guest flush and VM pause, corrupting the virtqueue state
• Without this fix, restored VMs get virtio_net virtio2: input.0:id 0 is not a head! (vq->broken=true) which permanently breaks networking for every sandbox created from the golden snapshot

Root cause

During PrepareGoldenSnapshot(), the quiesce sequence was:

1. Guest: ip addr flush dev eth0 && ip link set eth0 down
2. Close agent, sleep 500ms
3. Pause VM + snapshot

The host-side TAP remained up, allowing packets to enter the RX ring during steps 1-3. The fix adds ip link set <TAP> down on the host before step 1.

Test plan

• Verified on prod: restarted worker, created sandbox, confirmed ping/DNS/HTTPS all work
• Deploy this fix and verify golden snapshot survives multiple worker restarts without virtqueue corruption

🤖 Generated with Claude Code

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
opensandbox	Ready	Preview, Comment	Mar 13, 2026 5:20am

[github-actions]

Preview Environment Destroyed

The preview environment dev-pr-64 has been torn down.
All AWS resources for this environment have been cleaned up.