diff --git a/VERSION-openeuler b/VERSION-openeuler
index 9ce0e89343f61c51dbfe23e1fbab6ac93caa8bf9..4c8886863f01a5514cb85ae56a51eba6b9108007 100644
--- a/VERSION-openeuler
+++ b/VERSION-openeuler
@@ -1 +1 @@
-18.09.0.102
+18.09.0.105
diff --git a/docker-engine-openeuler.spec b/docker-engine-openeuler.spec
index 5e5cf893b01cc6bcb7742899a3eed472ce622151..82f596909d32d1ada671cfef99d8a40a7fcd565c 100644
--- a/docker-engine-openeuler.spec
+++ b/docker-engine-openeuler.spec
@@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 102
+Release: 105
 Summary: The open-source application container engine
 Group: Tools/Docker
 
@@ -200,7 +200,34 @@ fi
 %endif
 
 %changelog
-* Sat Dec 28 2020 liuzekun<liuzekun@huawei.com> - 18.09.0-102
+* Mon Jan 18 2021 jingrui<jingrui@huawei.com> - 18.09.0-105
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:sync bugfix include
+  1. fix image cleanup failed.
+  2. cleanup load tmp files.
+  3. kill residual container process.
+  4. resume suspend dm device.
+  5. dont kill containerd during dockerd starting.
+  6. handle exit event for restore failed container.
+  7. wait io with timeout when start failed.
+  8. support hostname mirror registry.
+  9. mask unused proc files.
+
+* Tue Dec 8 2020 xiadanni<xiadanni1@huawei.com> - 18.09.0-104
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:runc don't deny all devices when update cgroup resource
+
+* Thu Dec 3 2020 xiadanni<xiadanni1@huawei.com> - 18.09.0-103
+- Type:bugfix
+- ID:NA
+- SUG:restart
+- DESC:containerd fix CVE-2020-15257
+
+* Fri Nov 27 2020 liuzekun<liuzekun@huawei.com> - 18.09.0-102
 - Type:bugfix
 - ID:NA
 - CVE:NA
diff --git a/patch/0174-docker-add-more-messages-for-ops-when-device-not-fo.patch b/patch/0167-dockerd-add-more-messages-for-ops-when-device-not-fo.patch
similarity index 100%
rename from patch/0174-docker-add-more-messages-for-ops-when-device-not-fo.patch
rename to patch/0167-dockerd-add-more-messages-for-ops-when-device-not-fo.patch
diff --git a/patch/0175-docker-clean-docker-load-leak-files.patch b/patch/0175-docker-clean-docker-load-leak-files.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f0a32c3d37b5ce3a840c8ee557778dd2b0613569
--- /dev/null
+++ b/patch/0175-docker-clean-docker-load-leak-files.patch
@@ -0,0 +1,85 @@
+From a74f1c3e4ab7c6f4a043904a8e68edf04864d98a Mon Sep 17 00:00:00 2001
+From: jingrui <jingrui@huawei.com>
+Date: Wed, 2 Dec 2020 17:20:50 +0800
+Subject: [PATCH] docker: clean docker load leak files
+
+Change-Id: I09b66e204f655a9fef660bb85619f5711fb5700b
+Signed-off-by: jingrui <jingrui@huawei.com>
+---
+ components/engine/daemon/daemon.go            | 39 +++++++++++++++++++
+ .../daemon/graphdriver/devmapper/deviceset.go |  3 +-
+ 2 files changed, 41 insertions(+), 1 deletion(-)
+
+diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
+index 3ff5691257..1acd355a15 100644
+--- a/components/engine/daemon/daemon.go
++++ b/components/engine/daemon/daemon.go
+@@ -613,11 +613,50 @@ func (daemon *Daemon) restore() error {
+ 
+ 	group.Wait()
+ 
++	daemon.cleanExit()
+ 	logrus.Info("Loading containers: done.")
+ 
+ 	return nil
+ }
+ 
++func (daemon *Daemon) cleanExit() {
++	mnt := filepath.Join(daemon.root, "devicemapper/mnt")
++	if dir, err := ioutil.ReadDir(mnt); err == nil {
++		for _, f := range dir {
++			fname := filepath.Join(mnt, f.Name())
++			data, err := ioutil.ReadFile(fname)
++			if err != nil {
++				continue
++			}
++			if string(data) == "exit" {
++				logrus.Infof("cleanExit remove mnt %s", fname)
++				os.Remove(fname)
++			}
++		}
++	}
++
++	tmp := filepath.Join(daemon.root, "image/devicemapper/layerdb/tmp")
++	if dir, err := ioutil.ReadDir(tmp); err == nil {
++		for _, f := range dir {
++			if strings.Contains(f.Name(), "write-set-") {
++				fname := filepath.Join(tmp, f.Name())
++				logrus.Infof("cleanExit remove layerdb %s", fname)
++				os.RemoveAll(fname)
++			}
++		}
++	}
++
++	if dir, err := ioutil.ReadDir(os.Getenv("TMPDIR")); err == nil {
++		for _, f := range dir {
++			if strings.Contains(f.Name(), "docker-import-") {
++				fname := filepath.Join(os.Getenv("TMPDIR"), f.Name())
++				logrus.Infof("cleanExit remove tmpdir %s", fname)
++				os.RemoveAll(fname)
++			}
++		}
++	}
++}
++
+ // RestartSwarmContainers restarts any autostart container which has a
+ // swarm endpoint.
+ func (daemon *Daemon) RestartSwarmContainers() {
+diff --git a/components/engine/daemon/graphdriver/devmapper/deviceset.go b/components/engine/daemon/graphdriver/devmapper/deviceset.go
+index ff90c44ce3..750f2b13f8 100644
+--- a/components/engine/daemon/graphdriver/devmapper/deviceset.go
++++ b/components/engine/daemon/graphdriver/devmapper/deviceset.go
+@@ -2286,8 +2286,9 @@ func (devices *DeviceSet) unmountAndDeactivateAll(dir string) {
+ 		if err := unix.Unmount(fullname, unix.MNT_DETACH); err != nil && err != unix.EINVAL {
+ 			logger.Warnf("Shutdown unmounting %s, error: %s", fullname, err)
+ 		} else if err == nil {
+-			logger.Debugf("Remove %s", fullname)
++			logger.Infof("cleanExit prepare %s", fullname)
+ 			os.RemoveAll(fullname)
++			ioutil.WriteFile(fullname, []byte("exit"), 0600)
+ 		}
+ 
+ 		if devInfo, err := devices.lookupDevice(name); err != nil {
+-- 
+2.17.1
+
diff --git a/patch/0176-docker-kill-container-process-if-its-status-is-not-r.patch b/patch/0176-docker-kill-container-process-if-its-status-is-not-r.patch
new file mode 100644
index 0000000000000000000000000000000000000000..49693f28707d0e6ee0affaf62bc77b4c644698d1
--- /dev/null
+++ b/patch/0176-docker-kill-container-process-if-its-status-is-not-r.patch
@@ -0,0 +1,62 @@
+From 544d24895836ec576febaf94be8affde56449fba Mon Sep 17 00:00:00 2001
+From: xiadanni1 <xiadanni1@huawei.com>
+Date: Fri, 27 Nov 2020 16:31:56 +0800
+Subject: [PATCH] docker: kill container process if its status is not running
+ when start daemon
+
+Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
+---
+ components/engine/daemon/daemon.go | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
+index 3ff5691..3cc2a20 100644
+--- a/components/engine/daemon/daemon.go
++++ b/components/engine/daemon/daemon.go
+@@ -17,8 +17,10 @@ import (
+ 	"runtime"
+ 	"strings"
+ 	"sync"
++	"syscall"
+ 	"time"
+ 
++	"golang.org/x/sys/unix"
+ 	"google.golang.org/grpc"
+ 
+ 	"github.com/containerd/containerd"
+@@ -43,6 +45,7 @@ import (
+ 	"github.com/moby/buildkit/util/resolver"
+ 	"github.com/moby/buildkit/util/tracing"
+ 	"github.com/sirupsen/logrus"
++
+ 	// register graph drivers
+ 	_ "github.com/docker/docker/daemon/graphdriver/register"
+ 	"github.com/docker/docker/daemon/stats"
+@@ -51,7 +54,7 @@ import (
+ 	"github.com/docker/docker/image"
+ 	"github.com/docker/docker/layer"
+ 	"github.com/docker/docker/libcontainerd"
+-	"github.com/docker/docker/migrate/v1"
++	v1 "github.com/docker/docker/migrate/v1"
+ 	"github.com/docker/docker/pkg/idtools"
+ 	"github.com/docker/docker/pkg/locker"
+ 	"github.com/docker/docker/pkg/plugingetter"
+@@ -389,6 +392,15 @@ func (daemon *Daemon) restore() error {
+ 				}
+ 			}
+ 
++			if alive && !c.IsRunning() && pid > 1 {
++				if c.Pid == 0 {
++					c.Pid = pid
++				}
++				err := unix.Kill(pid, syscall.SIGKILL)
++				logrus.Warnf("process %v is killed as container=%s is alive but not running, err: %v", pid, c.ID, err)
++				return
++			}
++
+ 			if c.IsRunning() || c.IsPaused() {
+ 				c.RestartManager().Cancel() // manually start containers because some need to wait for swarm networking
+ 
+-- 
+1.8.3.1
+
diff --git a/patch/0177-resume-suspend-dm-on-start.patch b/patch/0177-resume-suspend-dm-on-start.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2ee80f357bfa43dcf8c479e5902811ddf46143fb
--- /dev/null
+++ b/patch/0177-resume-suspend-dm-on-start.patch
@@ -0,0 +1,82 @@
+From 37e3e3dfb31f30b2599d05f021671f6e682f37d6 Mon Sep 17 00:00:00 2001
+From: jingrui <jingrui@huawei.com>
+Date: Wed, 9 Dec 2020 17:37:02 +0800
+Subject: [PATCH] resume suspend dm on start
+
+Change-Id: Ibe215c80aa62b4d4b464749cc6e995d2e0e845af
+Signed-off-by: jingrui <jingrui@huawei.com>
+---
+ components/engine/cmd/dockerd/daemon.go | 43 +++++++++++++++++++++++++
+ 1 file changed, 43 insertions(+)
+
+diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go
+index 0b3fa0e037..dbf37f3338 100644
+--- a/components/engine/cmd/dockerd/daemon.go
++++ b/components/engine/cmd/dockerd/daemon.go
+@@ -6,6 +6,7 @@ import (
+ 	"fmt"
+ 	"io/ioutil"
+ 	"os"
++	"os/exec"
+ 	"path/filepath"
+ 	"runtime"
+ 	"strings"
+@@ -72,6 +73,45 @@ func NewDaemonCli() *DaemonCli {
+ 	return &DaemonCli{}
+ }
+ 
++func resumeDM() {
++	c := make(chan struct{})
++	go func() {
++		defer close(c)
++		out, err := exec.Command("dmsetup", "info", "-c", "--sort", "minor", "--noheadings", "--separator", ",", "-o", "attr,name").CombinedOutput()
++		if err != nil {
++			logrus.Errorf("resume-dm dmsetup info failed: %v", err)
++			return
++		}
++
++		args := []string{"resume"}
++		for _, line := range strings.Split(string(out), "\n") {
++			aa := strings.Split(line, ",")
++			if len(aa) != 2 || !strings.Contains(aa[0], "s") || strings.Index(aa[1], "docker-") != 0 {
++				continue
++			}
++			args = append(args, aa[1])
++		}
++		if len(args) == 1 {
++			return
++		}
++
++		logrus.Infof("resume-dm start resume suspended dm %v", args)
++		_, err = exec.Command("dmsetup", args...).CombinedOutput()
++		if err != nil {
++			logrus.Errorf("resume-dm %s failed: %v", err)
++			return
++		}
++		logrus.Infof("resume-dm finished resume suspended dm")
++	}()
++	select {
++	case <-c:
++		return
++	case <-time.After(10*time.Second):
++		logrus.Warnf("resume-dm timeout, continue anyway.")
++		return
++	}
++}
++
+ func cleanupLocalDB(db string) {
+ 	_, err := os.Stat(db)
+ 	if err == nil {
+@@ -150,6 +190,9 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
+ 	})
+ 
+ 	system.InitLCOW(cli.Config.Experimental)
++	if cli.Config.GraphDriver == "devicemapper" {
++		resumeDM()
++	}
+ 
+ 	if err := setDefaultUmask(); err != nil {
+ 		return fmt.Errorf("Failed to set umask: %v", err)
+-- 
+2.17.1
+
diff --git a/patch/0178-docker-skip-kill-and-restart-containerd-during-docke.patch b/patch/0178-docker-skip-kill-and-restart-containerd-during-docke.patch
new file mode 100644
index 0000000000000000000000000000000000000000..69d9794b2df2ff489b0e8a01bc72277735eee7eb
--- /dev/null
+++ b/patch/0178-docker-skip-kill-and-restart-containerd-during-docke.patch
@@ -0,0 +1,85 @@
+From a56def385f835885df056d0d54372111abdc1507 Mon Sep 17 00:00:00 2001
+From: xiadanni <xiadanni1@huawei.com>
+Date: Sat, 19 Dec 2020 18:56:38 +0800
+Subject: [PATCH] docker:skip kill and restart containerd during docker daemon
+ is starting
+
+Signed-off-by: xiadanni <xiadanni1@huawei.com>
+---
+ components/engine/cmd/dockerd/daemon.go                     | 4 +++-
+ components/engine/libcontainerd/supervisor/remote_daemon.go | 9 +++++++++
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go
+index dbf37f3..c25ee0e 100644
+--- a/components/engine/cmd/dockerd/daemon.go
++++ b/components/engine/cmd/dockerd/daemon.go
+@@ -10,6 +10,7 @@ import (
+ 	"path/filepath"
+ 	"runtime"
+ 	"strings"
++	"sync/atomic"
+ 	"time"
+ 
+ 	containerddefaults "github.com/containerd/containerd/defaults"
+@@ -106,7 +107,7 @@ func resumeDM() {
+ 	select {
+ 	case <-c:
+ 		return
+-	case <-time.After(10*time.Second):
++	case <-time.After(10 * time.Second):
+ 		logrus.Warnf("resume-dm timeout, continue anyway.")
+ 		return
+ 	}
+@@ -304,6 +305,7 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
+ 
+ 	logrus.Info("Daemon has completed initialization")
+ 
++	atomic.StoreInt32(&supervisor.IsDockerUp, 1)
+ 	cli.d = d
+ 
+ 	routerOptions, err := newRouterOptions(cli.Config, d)
+diff --git a/components/engine/libcontainerd/supervisor/remote_daemon.go b/components/engine/libcontainerd/supervisor/remote_daemon.go
+index 62ea58c..19582cd 100644
+--- a/components/engine/libcontainerd/supervisor/remote_daemon.go
++++ b/components/engine/libcontainerd/supervisor/remote_daemon.go
+@@ -11,6 +11,7 @@ import (
+ 	"strconv"
+ 	"strings"
+ 	"sync"
++	"sync/atomic"
+ 	"time"
+ 
+ 	"github.com/BurntSushi/toml"
+@@ -19,6 +20,7 @@ import (
+ 	"github.com/docker/docker/pkg/system"
+ 	"github.com/pkg/errors"
+ 	"github.com/sirupsen/logrus"
++	"golang.org/x/sys/unix"
+ )
+ 
+ const (
+@@ -31,6 +33,8 @@ const (
+ 	pidFile                 = "containerd.pid"
+ )
+ 
++var IsDockerUp int32
++
+ type pluginConfigs struct {
+ 	Plugins map[string]interface{} `toml:"plugins"`
+ }
+@@ -314,6 +318,11 @@ func (r *remote) monitorDaemon(ctx context.Context) {
+ 		}
+ 
+ 		if system.IsProcessAlive(r.daemonPid) {
++			if atomic.LoadInt32(&IsDockerUp) == 0 {
++				r.logger.WithField("pid", r.daemonPid).Info("dockerd is starting, skip killing containerd")
++				unix.Kill(r.daemonPid, unix.SIGCONT)
++				continue
++			}
+ 			r.logger.WithField("pid", r.daemonPid).Info("killing and restarting containerd")
+ 			r.killDaemon()
+ 		}
+-- 
+1.8.3.1
+
diff --git a/patch/0179-handle-exit-force.patch b/patch/0179-handle-exit-force.patch
new file mode 100644
index 0000000000000000000000000000000000000000..76c1a5e4cfdbe31e0dadc3c00d1304281719e5d4
--- /dev/null
+++ b/patch/0179-handle-exit-force.patch
@@ -0,0 +1,107 @@
+From 66b6e3065b160bd7d480f183156acbe1cb9bf2e0 Mon Sep 17 00:00:00 2001
+From: jingrui <jingrui@huawei.com>
+Date: Tue, 15 Dec 2020 16:05:56 +0800
+Subject: [PATCH] handle exit force
+
+Change-Id: If08483f57b4f04d6c4961c9f588e4d599009eddc
+Signed-off-by: jingrui <jingrui@huawei.com>
+---
+ components/engine/daemon/monitor.go                |  9 +++++++++
+ components/engine/libcontainerd/client_daemon.go   | 14 ++++++++++++++
+ components/engine/libcontainerd/types.go           |  1 +
+ .../plugin/executor/containerd/containerd.go       |  5 +++++
+ 4 files changed, 29 insertions(+)
+
+diff --git a/components/engine/daemon/monitor.go b/components/engine/daemon/monitor.go
+index e041bd5c69..1b577c0dae 100644
+--- a/components/engine/daemon/monitor.go
++++ b/components/engine/daemon/monitor.go
+@@ -26,6 +26,14 @@ func (daemon *Daemon) setStateCounter(c *container.Container) {
+ 	}
+ }
+ 
++func (daemon *Daemon) IsContainerRunning(id string) bool {
++	c, err := daemon.GetContainer(id)
++	if err != nil {
++		return false
++	}
++	return c.IsRunning()
++}
++
+ // ProcessEvent is called by libcontainerd whenever an event occurs
+ func (daemon *Daemon) ProcessEvent(id string, e libcontainerd.EventType, ei libcontainerd.EventInfo) error {
+ 	c, err := daemon.GetContainer(id)
+@@ -51,6 +59,7 @@ func (daemon *Daemon) ProcessEvent(id string, e libcontainerd.EventType, ei libc
+ 	case libcontainerd.EventExit:
+ 		if int(ei.Pid) == c.Pid {
+ 			c.Lock()
++			logrus.Infof("handle exit event cid=%s pid=%d", c.ID, c.Pid)
+ 			_, _, err := daemon.containerd.DeleteTask(context.Background(), c.ID)
+ 			if err != nil {
+ 				logrus.WithError(err).Warnf("failed to delete container %s from containerd", c.ID)
+diff --git a/components/engine/libcontainerd/client_daemon.go b/components/engine/libcontainerd/client_daemon.go
+index 05c439c540..502796bd25 100755
+--- a/components/engine/libcontainerd/client_daemon.go
++++ b/components/engine/libcontainerd/client_daemon.go
+@@ -517,9 +517,16 @@ func (c *client) DeleteTask(ctx context.Context, containerID string) (uint32, ti
+ 	return status.ExitCode(), status.ExitTime(), nil
+ }
+ 
++func (c *client) deleteForce(ctx context.Context, id string) {
++	if ctr, err := c.client.LoadContainer(ctx, id); err == nil {
++		logrus.Warnf("delete containerd meta id=%s force: error=%v", id, ctr.Delete(ctx))
++	}
++}
++
+ func (c *client) Delete(ctx context.Context, containerID string) error {
+ 	ctr := c.getContainer(containerID)
+ 	if ctr == nil {
++		c.deleteForce(ctx, containerID)
+ 		return errors.WithStack(newNotFoundError("no such container"))
+ 	}
+ 
+@@ -907,6 +914,13 @@ func (c *client) processEventStream(ctx context.Context, ns string) {
+ 			ctr = c.getContainer(ei.ContainerID)
+ 			if ctr == nil {
+ 				c.logger.WithField("container", ei.ContainerID).Warn("unknown container")
++				if et == EventExit && ei.ProcessID == ei.ContainerID && c.backend.IsContainerRunning(ei.ContainerID) {
++					c.logger.WithField("container", ei.ContainerID).Warn("handle exit event force ...")
++					c.eventQ.append(ei.ContainerID, func() {
++						c.logger.WithField("container", ei.ContainerID).Warnf("handle exit event force: error=%v",
++							c.backend.ProcessEvent(ei.ContainerID, et, ei))
++					})
++				}
+ 				continue
+ 			}
+ 
+diff --git a/components/engine/libcontainerd/types.go b/components/engine/libcontainerd/types.go
+index c4de5e674d..0b9df9193b 100644
+--- a/components/engine/libcontainerd/types.go
++++ b/components/engine/libcontainerd/types.go
+@@ -60,6 +60,7 @@ type EventInfo struct {
+ // Backend defines callbacks that the client of the library needs to implement.
+ type Backend interface {
+ 	ProcessEvent(containerID string, event EventType, ei EventInfo) error
++	IsContainerRunning(id string) bool
+ }
+ 
+ // Client provides access to containerd features.
+diff --git a/components/engine/plugin/executor/containerd/containerd.go b/components/engine/plugin/executor/containerd/containerd.go
+index a3401dce79..f75771fe41 100644
+--- a/components/engine/plugin/executor/containerd/containerd.go
++++ b/components/engine/plugin/executor/containerd/containerd.go
+@@ -141,6 +141,11 @@ func (e *Executor) ProcessEvent(id string, et libcontainerd.EventType, ei libcon
+ 	return nil
+ }
+ 
++func (e *Executor) IsContainerRunning(id string) bool {
++	ok, _ := e.IsRunning(id)
++	return ok
++}
++
+ type rio struct {
+ 	cio.IO
+ 
+-- 
+2.17.1
+
diff --git a/patch/0180-wait-io-with-timeout-in-task-delete.patch b/patch/0180-wait-io-with-timeout-in-task-delete.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5ac8675e93b18f55a2382c9156d150c2802a6f93
--- /dev/null
+++ b/patch/0180-wait-io-with-timeout-in-task-delete.patch
@@ -0,0 +1,47 @@
+From 0f3aa35a1c38fe7fc49cd6fb66fc47a993ad6bb8 Mon Sep 17 00:00:00 2001
+From: jingrui <jingrui@huawei.com>
+Date: Wed, 16 Dec 2020 18:39:00 +0800
+Subject: [PATCH] wait io with timeout in task delete
+
+Change-Id: I23ed40d69279b14a216b6ffb9988439475be5cad
+Signed-off-by: jingrui <jingrui@huawei.com>
+---
+ .../github.com/containerd/containerd/task.go      | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/components/engine/vendor/github.com/containerd/containerd/task.go b/components/engine/vendor/github.com/containerd/containerd/task.go
+index 6806e11620..7421432bed 100644
+--- a/components/engine/vendor/github.com/containerd/containerd/task.go
++++ b/components/engine/vendor/github.com/containerd/containerd/task.go
+@@ -44,6 +44,7 @@ import (
+ 	"github.com/opencontainers/image-spec/specs-go/v1"
+ 	specs "github.com/opencontainers/runtime-spec/specs-go"
+ 	"github.com/pkg/errors"
++	"github.com/sirupsen/logrus"
+ )
+ 
+ // UnknownExitStatus is returned when containerd is unable to
+@@ -287,8 +288,18 @@ func (t *task) Delete(ctx context.Context, opts ...ProcessDeleteOpts) (*ExitStat
+ 		return nil, errors.Wrapf(errdefs.ErrFailedPrecondition, "task must be stopped before deletion: %s", status.Status)
+ 	}
+ 	if t.io != nil {
+-		t.io.Cancel()
+-		t.io.Wait()
++		done := make(chan struct{})
++		go func() {
++			t.io.Cancel()
++			t.io.Wait()
++			close(done)
++		}()
++		select {
++		case <-time.After(3 * time.Second):
++			logrus.Warnf("task delete wait io close timeout, some fifo io may be dropped.")
++		case <-done:
++			// ok
++		}
+ 	}
+ 	r, err := t.client.TaskService().Delete(ctx, &tasks.DeleteTaskRequest{
+ 		ContainerID: t.id,
+-- 
+2.17.1
+
diff --git a/patch/0181-docker-do-not-return-when-matched-registry-mirror.patch b/patch/0181-docker-do-not-return-when-matched-registry-mirror.patch
new file mode 100644
index 0000000000000000000000000000000000000000..54b67f3bf1809313ee520bc9e6d23e8805489aa3
--- /dev/null
+++ b/patch/0181-docker-do-not-return-when-matched-registry-mirror.patch
@@ -0,0 +1,137 @@
+From 8cc3f33020152d51d38927593ba49ad3dfacf62e Mon Sep 17 00:00:00 2001
+From: shaobao.feng <shaobao.feng@huawei.com>
+Date: Mon, 7 Dec 2020 15:30:11 +0800
+Subject: [PATCH] docker: do not return when matched registry mirror
+
+Change-Id: I5317b91b60293e1f4c50f5a327790c5509537f9b
+reason: append hostname itself to make sure the hostname itself will be tried.
+---
+ components/engine/registry/service_v2.go | 86 +++++++++++-------------
+ 1 file changed, 41 insertions(+), 45 deletions(-)
+
+diff --git a/components/engine/registry/service_v2.go b/components/engine/registry/service_v2.go
+index adeb10c550..df66cd7451 100644
+--- a/components/engine/registry/service_v2.go
++++ b/components/engine/registry/service_v2.go
+@@ -19,8 +19,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
+ 		if reg != nil {
+ 			var regEndpoints []registrytypes.Endpoint = reg.Mirrors
+ 
+-			lastIndex := len(regEndpoints) - 1
+-			for i, regEP := range regEndpoints {
++			for _, regEP := range regEndpoints {
+ 				official := regEP.Address == registrytypes.DefaultEndpoint.Address
+ 				regURL := regEP.GetURL()
+ 
+@@ -41,49 +40,48 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
+ 					TLSConfig:    tlsConfig,
+ 					Prefix:       hostname,
+ 					// the last endpoint is not considered a mirror
+-					Mirror: i != lastIndex,
++					Mirror: true,
+ 				})
+ 			}
+-			return endpoints, nil
++			// don't return here, otherwise the hostname itself will not be appended to the endpoints,
++			// and the hostname itself will not be tried, which is not a desired action.
+ 		}
+-	} else {
++	}
++	if hostname == DefaultNamespace || hostname == IndexHostname {
+ 		tlsConfig = tlsconfig.ServerDefault()
+-		if hostname == DefaultNamespace || hostname == IndexHostname {
+-			// v2 mirrors
+-			for _, mirror := range s.config.Mirrors {
+-				if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
+-					mirror = "https://" + mirror
+-				}
+-				mirrorURL, err := url.Parse(mirror)
+-				if err != nil {
+-					return nil, err
+-				}
+-				mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL)
+-				if err != nil {
+-					return nil, err
+-				}
+-				endpoints = append(endpoints, APIEndpoint{
+-					URL: mirrorURL,
+-					// guess mirrors are v2
+-					Version:      APIVersion2,
+-					Mirror:       true,
+-					TrimHostname: true,
+-					TLSConfig:    mirrorTLSConfig,
+-				})
++		// v2 mirrors
++		for _, mirror := range s.config.Mirrors {
++			if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
++				mirror = "https://" + mirror
++			}
++			mirrorURL, err := url.Parse(mirror)
++			if err != nil {
++				return nil, err
++			}
++			mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL)
++			if err != nil {
++				return nil, err
+ 			}
+-			// v2 registry
+ 			endpoints = append(endpoints, APIEndpoint{
+-				URL:          DefaultV2Registry,
++				URL: mirrorURL,
++				// guess mirrors are v2
+ 				Version:      APIVersion2,
+-				Official:     true,
++				Mirror:       true,
+ 				TrimHostname: true,
+-				TLSConfig:    tlsConfig,
++				TLSConfig:    mirrorTLSConfig,
+ 			})
+-
+-			return endpoints, nil
+ 		}
+-	}
++		// v2 registry
++		endpoints = append(endpoints, APIEndpoint{
++			URL:          DefaultV2Registry,
++			Version:      APIVersion2,
++			Official:     true,
++			TrimHostname: true,
++			TLSConfig:    tlsConfig,
++		})
+ 
++		return endpoints, nil
++	}
+ 	ana := allowNondistributableArtifacts(s.config, hostname)
+ 
+ 	tlsConfig, err = s.tlsConfig(hostname)
+@@ -91,18 +89,16 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
+ 		return nil, err
+ 	}
+ 
+-	endpoints = []APIEndpoint{
+-		{
+-			URL: &url.URL{
+-				Scheme: "https",
+-				Host:   hostname,
+-			},
+-			Version:                        APIVersion2,
+-			AllowNondistributableArtifacts: ana,
+-			TrimHostname:                   true,
+-			TLSConfig:                      tlsConfig,
++	endpoints = append(endpoints, APIEndpoint{
++		URL: &url.URL{
++			Scheme: "https",
++			Host:   hostname,
+ 		},
+-	}
++		Version:                        APIVersion2,
++		AllowNondistributableArtifacts: ana,
++		TrimHostname:                   true,
++		TLSConfig:                      tlsConfig,
++	})
+ 
+ 	if tlsConfig.InsecureSkipVerify {
+ 		endpoints = append(endpoints, APIEndpoint{
+-- 
+2.17.1
+
diff --git a/patch/0183-add-masked-paths-pagealloc_module-and-slaballoc_stat.patch b/patch/0183-add-masked-paths-pagealloc_module-and-slaballoc_stat.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5ed2ef16630d21eb4fe64ee95fc59639cb7b3879
--- /dev/null
+++ b/patch/0183-add-masked-paths-pagealloc_module-and-slaballoc_stat.patch
@@ -0,0 +1,29 @@
+From fada5f66fcc555d706603dd3c7832e78e9955501 Mon Sep 17 00:00:00 2001
+From: liuzekun <liuzekun@huawei.com>
+Date: Thu, 31 Dec 2020 03:07:42 -0500
+Subject: add masked paths pagealloc_module and slaballoc_statistics
+
+Signed-off-by: liuzekun <liuzekun@huawei.com>
+---
+ components/engine/oci/defaults.go | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/components/engine/oci/defaults.go b/components/engine/oci/defaults.go
+index e763cb75..ff027d89 100644
+--- a/components/engine/oci/defaults.go
++++ b/components/engine/oci/defaults.go
+@@ -135,9 +135,11 @@ func DefaultLinuxSpec() specs.Spec {
+ 			"/proc/oom_extend",
+ 			"/proc/pagealloc_statistics",
+ 			"/proc/pagealloc_bt",
++			"/proc/pagealloc_module",
+ 			"/proc/pin_memory",
+ 			"/proc/slaballoc_bt",
+ 			"/proc/slaballoc_module",
++			"/proc/slaballoc_statistics",
+ 			"/proc/sched_debug",
+ 			"/proc/scsi",
+ 			"/proc/sig_catch",
+-- 
+2.19.1
+
diff --git a/patch/0184-docker-wait-io-with-timeout-when-process-Start-faile.patch b/patch/0184-docker-wait-io-with-timeout-when-process-Start-faile.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c9784dc3f270ddba4205d4f4ea635732e56ff1bc
--- /dev/null
+++ b/patch/0184-docker-wait-io-with-timeout-when-process-Start-faile.patch
@@ -0,0 +1,48 @@
+From ef64f4dd5d532b550bb68f60e6373e139fdf5382 Mon Sep 17 00:00:00 2001
+From: xiadanni <xiadanni1@huawei.com>
+Date: Fri, 15 Jan 2021 11:23:04 +0800
+Subject: [PATCH] docker: wait io with timeout when process Start failed
+
+Signed-off-by: xiadanni <xiadanni1@huawei.com>
+---
+ .../vendor/github.com/containerd/containerd/process.go  | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/components/engine/vendor/github.com/containerd/containerd/process.go b/components/engine/vendor/github.com/containerd/containerd/process.go
+index ff7d838..4d0dca9 100644
+--- a/components/engine/vendor/github.com/containerd/containerd/process.go
++++ b/components/engine/vendor/github.com/containerd/containerd/process.go
+@@ -26,6 +26,7 @@ import (
+ 	"github.com/containerd/containerd/cio"
+ 	"github.com/containerd/containerd/errdefs"
+ 	"github.com/pkg/errors"
++	"github.com/sirupsen/logrus"
+ )
+ 
+ // Process represents a system process
+@@ -111,9 +112,19 @@ func (p *process) Start(ctx context.Context) error {
+ 		ExecID:      p.id,
+ 	})
+ 	if err != nil {
+-		p.io.Cancel()
+-		p.io.Wait()
+-		p.io.Close()
++		done := make(chan struct{})
++		go func() {
++			p.io.Cancel()
++			p.io.Wait()
++			p.io.Close()
++			close(done)
++		}()
++		select {
++		case <-time.After(30 * time.Second):
++			logrus.Warnf("process start failed with error %v, wait io close timeout, some fifo io may be dropped.", err)
++		case <-done:
++			// ok
++		}
+ 		return errdefs.FromGRPC(err)
+ 	}
+ 	p.pid = r.Pid
+-- 
+1.8.3.1
+
diff --git a/patch/0185-docker-delete-image-reference-when-failed-to-get-ima.patch b/patch/0185-docker-delete-image-reference-when-failed-to-get-ima.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bf84f7baea0e3e3afd49912b82b626be3d1514af
--- /dev/null
+++ b/patch/0185-docker-delete-image-reference-when-failed-to-get-ima.patch
@@ -0,0 +1,63 @@
+From cfc92becb2605d67a7391c43261e698d0fdd57bd Mon Sep 17 00:00:00 2001
+From: xiadanni <xiadanni1@huawei.com>
+Date: Fri, 15 Jan 2021 15:37:42 +0800
+Subject: [PATCH] docker: delete image reference when failed to get image
+ configuration to avoid docker pull error
+
+according to patch 0110-docker-Fix-can-t-pull-image-while-the-image-i.patch,
+if the layers of image has been damaged, image reference should be
+deleted from repositories.json to avoid docker pull failed.
+
+however, when imageStore.Get failed, isExist flag has not been set to
+false, which cause the image reference has still not been deleted, only
+warning is printed.
+
+flood warnings printed every time user restarts docker daemon, like:
+Jan 15 14:09:52 localhost dockerd[3952467]:
+time="2021-01-15T14:09:52.705664179+08:00" level=warning msg="Failed to
+get image configration for image id
+sha256:d0a015ffac5ba3b9d2a641de56b3b2ed24409b7082c7811ebac4c2f4977b0965,
+error: failed to get digest
+sha256:d0a015ffac5ba3b9d2a641de56b3b2ed24409b7082c7811ebac4c2f4977b0965:
+open
+/var/lib/docker/image/devicemapper/imagedb/content/sha256/d0a015ffac5ba3b9d2a641de56b3b2ed24409b7082c7811ebac4c2f4977b0965:
+no such file or directory"
+
+so we fix the logic, delete image reference when failed to get image
+configuration.
+
+Signed-off-by: xiadanni <xiadanni1@huawei.com>
+---
+ components/engine/daemon/daemon.go | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
+index e826f6a..ed268d2 100644
+--- a/components/engine/daemon/daemon.go
++++ b/components/engine/daemon/daemon.go
+@@ -1097,11 +1097,10 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
+ 		return nil, err
+ 	}
+ 
+-	// delete reference of image not nornamlly loaded to imageStore
+-	var isExist bool
++	// delete reference of image not normally loaded to imageStore
+ 	for _, imageID := range rs.List() {
++		isExist := false
+ 		if img, err := imageStore.Get(image.ID(imageID)); err == nil {
+-			isExist = false
+ 			if chainID := img.RootFS.ChainID(); chainID != "" {
+ 				l, err := layerStores[runtime.GOOS].Get(chainID)
+ 				if err == nil {
+@@ -1112,7 +1111,7 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
+ 				isExist = true
+ 			}
+ 		} else {
+-			logrus.Warnf("Failed to get image configration for image id %s, error: %s", imageID, err)
++			logrus.Warnf("Failed to get image configuration for image id %s, error: %s", imageID, err)
+ 		}
+ 
+ 		// If the image not exist locally, delete its reference
+-- 
+1.8.3.1
+
diff --git a/series.conf b/series.conf
index 1b6b8cfc5e543767064a44ef4746dbcc0d76b3d6..13fd73b4201a12d790845768a07571f307dfd103 100644
--- a/series.conf
+++ b/series.conf
@@ -162,12 +162,22 @@ patch/0163-docker-delete-event-is-not-need-to-process.patch
 patch/0164-docker-stat-process-exit-file-when-kill-process-dire.patch
 patch/0165-docker-sync-cli-vendor.patch
 patch/0167-docker-fix-CVE-2020-13401.patch
+patch/0167-dockerd-add-more-messages-for-ops-when-device-not-fo.patch
 patch/0168-docker-do-not-add-w-to-LDFLAGS.patch
 patch/0169-docker-add-files-in-proc-for-mask.patch
 patch/0170-docker-fix-docker-load-files-leak.patch
 patch/0171-docker-do-not-sync-if-BYPAAS_SYNC-is-false.patch
 patch/0172-docker-fix-panic-on-single-character-volumes.patch
 patch/0173-docker-fix-stats-memory-usage-display-error.patch
-patch/0174-docker-add-more-messages-for-ops-when-device-not-fo.patch
 patch/0175-docker-mask-proc-pin_memory.patch
+patch/0175-docker-clean-docker-load-leak-files.patch
+patch/0176-docker-kill-container-process-if-its-status-is-not-r.patch
+patch/0177-resume-suspend-dm-on-start.patch
+patch/0178-docker-skip-kill-and-restart-containerd-during-docke.patch
+patch/0179-handle-exit-force.patch
+patch/0180-wait-io-with-timeout-in-task-delete.patch
+patch/0181-docker-do-not-return-when-matched-registry-mirror.patch
+patch/0183-add-masked-paths-pagealloc_module-and-slaballoc_stat.patch
+patch/0184-docker-wait-io-with-timeout-when-process-Start-faile.patch
+patch/0185-docker-delete-image-reference-when-failed-to-get-ima.patch
 #end