diff --git a/backport-sysctl-return-error-on-permission-denied.patch b/backport-sysctl-return-error-on-permission-denied.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e34f4028882655dab37ed30c763361192eb176f1
--- /dev/null
+++ b/backport-sysctl-return-error-on-permission-denied.patch
@@ -0,0 +1,48 @@
+From cd3a440b562e6efc713ce1524678dd068a85bf91 Mon Sep 17 00:00:00 2001
+From: Matteo Croce <teknoraver@meta.com>
+Date: Mon, 20 Oct 2025 15:22:23 +0800
+Subject: [PATCH] sysctl: return error on permission denied
+
+When trying to write to a readonly sysctl or a directory by mistake,
+sysctl still returns success:
+
+	# sysctl kernel.version=foo
+	sysctl: setting key "kernel.version": Operation not permitted
+	# echo $?
+	0
+	# sysctl kernel=foo
+	sysctl: setting key "kernel": Operation not permitted
+	# echo $?
+	0
+
+Let sysctl return error in both the cases above.
+
+Signed-off-by: Matteo Croce <teknoraver@meta.com>
+---
+ src/sysctl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/sysctl.c b/src/sysctl.c
+index 1cb548c..5a5c21b 100644
+--- a/src/sysctl.c
++++ b/src/sysctl.c
+@@ -563,14 +563,14 @@ static int WriteSetting(
+         errno = EPERM;
+         xwarn(_("setting key \"%s\""), dotted_key);
+ 	free(dotted_key);
+-        return rc;
++        return EXIT_FAILURE;
+     }
+ 
+     if (S_ISDIR(ts.st_mode)) {
+         errno = EISDIR;
+         xwarn(_("setting key \"%s\""), dotted_key);
+ 	free(dotted_key);
+-        return rc;
++        return EXIT_FAILURE;
+     }
+ 
+     if (!DryRun) {
+-- 
+2.43.0
+
diff --git a/procps-ng.spec b/procps-ng.spec
index ca141ee7bb64fd4944ad9bc8d8301e0d8be0584a..314b9ec11578c9e67b64d737f1162c8bccbee438 100644
--- a/procps-ng.spec
+++ b/procps-ng.spec
@@ -1,6 +1,6 @@
 Name: 		procps-ng
 Version: 	4.0.4
-Release:	8
+Release:	9
 Summary: 	Utilities that provide system information.
 License: 	GPL+ and GPLv2 and GPLv2+ and GPLv3+ and LGPLv2+
 URL: 		https://sourceforge.net/projects/procps-ng/
@@ -24,6 +24,7 @@ Patch12:	backport-0002-ps-check-for-null-on-escape-source.patch
 Patch13:	backport-0003-ps-mv-check-for-null-from-escape_str_utf8-to-escape_.patch
 Patch14:	backport-0001-library-address-a-potential-race-resulting-in-a-fault.patch
 Patch15:	backport-0002-library-avoid-strdup-calls-in-sd2proc-if-possible.patch
+Patch16:	backport-sysctl-return-error-on-permission-denied.patch
 
 BuildRequires: 	ncurses-devel libtool autoconf automake gcc gettext-devel systemd-devel
 
@@ -106,6 +107,9 @@ ln -s %{_bindir}/pidof %{buildroot}%{_sbindir}/pidof
 %{_mandir}/man*
 
 %changelog
+* Mon Oct 20 2025 cenhuilin <cenhuilin@kylinos.cn> - 4.0.4-9
+- sysctl: return error on permission denied
+
 * Thu Aug 28 2025 Zhu Jin <zhujin18@huawei.com> - 4.0.4-8
 - library: address a potential race resulting in a fault and avoid strdup() calls in sd2proc() if possible