diff --git a/qemu.spec b/qemu.spec
index fed8970a48273cf5663075db60ac675c9afbdd3f..353eab0bd3d6c45d23fffba427c66bdd7d406961 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -1,6 +1,6 @@
 Name: qemu
 Version: 4.1.0
-Release: 61
+Release: 62
 Epoch: 2
 Summary: QEMU is a generic and open source machine emulator and virtualizer
 License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
@@ -342,6 +342,7 @@ Patch0329: tftp-check-tftp_input-buffer-size.patch
 Patch0330: tftp-introduce-a-header-structure.patch
 Patch0331: fix-cve-2020-35504.patch
 Patch0332: fix-cve-2020-35505.patch
+Patch0333: virtio-balloon-apply-upstream-patch.patch
 
 BuildRequires: flex
 BuildRequires: bison
@@ -738,6 +739,9 @@ getent passwd qemu >/dev/null || \
 %endif
 
 %changelog
+* Mon Dec 20 2021 Chen Qun <kuhn.chenqun@huawei.com>
+- virtio-balloon: apply upstream patch.
+
 * Wed Oct 27 2021 Chen Qun <kuhn.chenqun@huawei.com>
 - fix cve-2020-35504
 - fix cve-2020-35505
diff --git a/virtio-balloon-apply-upstream-patch.patch b/virtio-balloon-apply-upstream-patch.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8d8f0d3246faefec50144778f56b0e8c6494d363
--- /dev/null
+++ b/virtio-balloon-apply-upstream-patch.patch
@@ -0,0 +1,31 @@
+From bcea62f545e85ad55c3e4fa245de58df42df5f28 Mon Sep 17 00:00:00 2001
+From: Ming Yang <yangming73@huawei.com>
+Date: Tue, 16 Nov 2021 17:16:56 +0800
+Subject: [PATCH] virtio-balloon: apply upstream patch.
+
+Signed-off-by: Ming Yang <yangming73@huawei.com>
+---
+ hw/virtio/virtio-balloon.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
+index 25de154307..ae56c0d906 100644
+--- a/hw/virtio/virtio-balloon.c
++++ b/hw/virtio/virtio-balloon.c
+@@ -830,6 +830,13 @@ static void virtio_balloon_device_unrealize(DeviceState *dev, Error **errp)
+     }
+     balloon_stats_destroy_timer(s);
+     qemu_remove_balloon_handler(s);
++
++    virtio_del_queue(vdev, 0);
++    virtio_del_queue(vdev, 1);
++    virtio_del_queue(vdev, 2);
++    if (s->free_page_vq) {
++        virtio_del_queue(vdev, 3);
++    }
+     virtio_cleanup(vdev);
+ }
+ 
+-- 
+2.27.0
+