diff --git a/qemu.spec b/qemu.spec
index e7cbb5184df55af3a846d4f2f0cec56845957cb1..d3128cda3e1adccbdd0514e3a43ff8254dc10fa0 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -1,6 +1,6 @@
 Name: qemu
 Version: 4.1.0
-Release: 50
+Release: 51
 Epoch: 2
 Summary: QEMU is a generic and open source machine emulator and virtualizer
 License: GPLv2 and BSD and MIT and CC-BY
@@ -260,6 +260,7 @@ Patch0247: tftp-check-tftp_input-buffer-size.patch
 Patch0248: tftp-introduce-a-header-structure.patch
 Patch0249: fix-cve-2020-35504.patch
 Patch0250: fix-cve-2020-35505.patch
+Patch0251: virtio-balloon-apply-upstream-patch.patch
 
 BuildRequires: flex
 BuildRequires: bison
@@ -605,6 +606,9 @@ getent passwd qemu >/dev/null || \
 %endif
 
 %changelog
+* Fri Dec 03 2021 Chen Qun <kuhn.chenqun@huawei.com>
+- virtio-balloon: apply upstream patch.
+
 * Wed Oct 27 2021 Chen Qun <kuhn.chenqun@huawei.com>
 - fix cve-2020-35504
 - fix cve-2020-35505
diff --git a/virtio-balloon-apply-upstream-patch.patch b/virtio-balloon-apply-upstream-patch.patch
new file mode 100644
index 0000000000000000000000000000000000000000..09e03f15d34b3a3cce58f39b74d71cf928bdf0eb
--- /dev/null
+++ b/virtio-balloon-apply-upstream-patch.patch
@@ -0,0 +1,31 @@
+From c68a086b1280f8adf42b4419934c59215a15d81d Mon Sep 17 00:00:00 2001
+From: Ming Yang <yangming73@huawei.com>
+Date: Tue, 16 Nov 2021 17:23:26 +0800
+Subject: [PATCH] virtio-balloon: apply upstream patch.
+
+Signed-off-by: Ming Yang <yangming73@huawei.com>
+---
+ hw/virtio/virtio-balloon.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
+index 25de154307..ae56c0d906 100644
+--- a/hw/virtio/virtio-balloon.c
++++ b/hw/virtio/virtio-balloon.c
+@@ -830,6 +830,13 @@ static void virtio_balloon_device_unrealize(DeviceState *dev, Error **errp)
+     }
+     balloon_stats_destroy_timer(s);
+     qemu_remove_balloon_handler(s);
++
++    virtio_del_queue(vdev, 0);
++    virtio_del_queue(vdev, 1);
++    virtio_del_queue(vdev, 2);
++    if (s->free_page_vq) {
++        virtio_del_queue(vdev, 3);
++    }
+     virtio_cleanup(vdev);
+ }
+ 
+-- 
+2.27.0
+