diff --git a/1048-cryptsetup-generator-refactor-add_crypttab_devices.patch b/1048-cryptsetup-generator-refactor-add_crypttab_devices.patch
new file mode 100644
index 0000000..262e893
--- /dev/null
+++ b/1048-cryptsetup-generator-refactor-add_crypttab_devices.patch
@@ -0,0 +1,110 @@
+From d2cd65067fc614367a4efe460de5006ad3cfdb91 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Thu, 30 May 2024 10:44:36 +0200
+Subject: [PATCH] cryptsetup-generator: refactor add_crypttab_devices()
+
+Move the processing of a crypttab entry to a separate function.
+
+No functional changes, just refactoring.
+
+(cherry picked from commit a07cb7d404582f9c0bfaedb9dd07f93848aa91c6)
+
+Related: RHEL-38859
+---
+ src/cryptsetup/cryptsetup-generator.c | 63 ++++++++++++++++-----------
+ 1 file changed, 38 insertions(+), 25 deletions(-)
+
+diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
+index 4117930925..50c2a5093a 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
++++ b/src/cryptsetup/cryptsetup-generator.c
+@@ -525,10 +525,44 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
+         return 0;
+ }
+ 
++static int add_crypttab_device(const char *name, const char *device,  const char *keyspec, const char *options) {
++        _cleanup_free_ char *keyfile = NULL, *keydev = NULL;
++        crypto_device *d = NULL;
++        char *uuid;
++        int r;
++
++        uuid = startswith(device, "UUID=");
++        if (!uuid)
++                uuid = path_startswith(device, "/dev/disk/by-uuid/");
++        if (!uuid)
++                uuid = startswith(name, "luks-");
++        if (uuid)
++                d = hashmap_get(arg_disks, uuid);
++
++        if (arg_whitelist && !d) {
++                log_info("Not creating device '%s' because it was not specified on the kernel command line.", name);
++                return 0;
++        }
++
++        r = split_keyspec(keyspec, &keyfile, &keydev);
++        if (r < 0)
++                return r;
++
++        r = create_disk(name, device, keyfile, keydev, (d && d->options) ? d->options : options);
++        if (r < 0)
++                return r;
++
++        if (d)
++                d->create = false;
++
++        return 0;
++}
++
+ static int add_crypttab_devices(void) {
+         struct stat st;
+         unsigned crypttab_line = 0;
+         _cleanup_fclose_ FILE *f = NULL;
++        int r;
+ 
+         if (!arg_read_crypttab)
+                 return 0;
+@@ -548,10 +582,9 @@ static int add_crypttab_devices(void) {
+         }
+ 
+         for (;;) {
+-                int r, k;
+-                char line[LINE_MAX], *l, *uuid;
+-                crypto_device *d = NULL;
+-                _cleanup_free_ char *name = NULL, *device = NULL, *keydev = NULL, *keyfile = NULL, *keyspec = NULL, *options = NULL;
++                char line[LINE_MAX], *l;
++                _cleanup_free_ char *name = NULL, *device = NULL, *keyspec = NULL, *options = NULL;
++                int k;
+ 
+                 if (!fgets(line, sizeof(line), f))
+                         break;
+@@ -568,29 +601,9 @@ static int add_crypttab_devices(void) {
+                         continue;
+                 }
+ 
+-                uuid = startswith(device, "UUID=");
+-                if (!uuid)
+-                        uuid = path_startswith(device, "/dev/disk/by-uuid/");
+-                if (!uuid)
+-                        uuid = startswith(name, "luks-");
+-                if (uuid)
+-                        d = hashmap_get(arg_disks, uuid);
+-
+-                if (arg_whitelist && !d) {
+-                        log_info("Not creating device '%s' because it was not specified on the kernel command line.", name);
+-                        continue;
+-                }
+-
+-                r = split_keyspec(keyspec, &keyfile, &keydev);
++                r = add_crypttab_device(name, device, keyspec, options);
+                 if (r < 0)
+                         return r;
+-
+-                r = create_disk(name, device, keyfile, keydev, (d && d->options) ? d->options : options);
+-                if (r < 0)
+-                        return r;
+-
+-                if (d)
+-                        d->create = false;
+         }
+ 
+         return 0;
diff --git a/1049-cryptsetup-generator-continue-parsing-after-error.patch b/1049-cryptsetup-generator-continue-parsing-after-error.patch
new file mode 100644
index 0000000..5ce968d
--- /dev/null
+++ b/1049-cryptsetup-generator-continue-parsing-after-error.patch
@@ -0,0 +1,43 @@
+From 19a8582024046a483f1631fd6be43126ea30b67c Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Thu, 30 May 2024 10:46:13 +0200
+Subject: [PATCH] cryptsetup-generator: continue parsing after error
+
+Let's make the crypttab parser more robust and continue even if parsing
+of a line failed.
+
+(cherry picked from commit 83813bae7ae471862ff84b038b5e4eaefae41c98)
+
+Resolves: RHEL-38859
+---
+ src/cryptsetup/cryptsetup-generator.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
+index 50c2a5093a..ae3e2282fd 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
++++ b/src/cryptsetup/cryptsetup-generator.c
+@@ -562,7 +562,7 @@ static int add_crypttab_devices(void) {
+         struct stat st;
+         unsigned crypttab_line = 0;
+         _cleanup_fclose_ FILE *f = NULL;
+-        int r;
++        int r, ret = 0;
+ 
+         if (!arg_read_crypttab)
+                 return 0;
+@@ -602,11 +602,11 @@ static int add_crypttab_devices(void) {
+                 }
+ 
+                 r = add_crypttab_device(name, device, keyspec, options);
+-                if (r < 0)
+-                        return r;
++                if (r < 0 && ret >= 0)
++                        ret = r;
+         }
+ 
+-        return 0;
++        return ret;
+ }
+ 
+ static int add_proc_cmdline_devices(void) {
diff --git a/systemd.spec b/systemd.spec
index ea8ce28..b2124d0 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -13,7 +13,7 @@
 Name:           systemd
 Url:            http://www.freedesktop.org/wiki/Software/systemd
 Version:        239
-Release:        82%{?dist}.8
+Release:        82%{?dist}.9
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@@ -1097,6 +1097,8 @@ Patch1044: 1044-test-restarting-elapsed-timer-shouldn-t-trigger-the-.patch
 Patch1045: 1045-test-check-the-next-elapse-timer-timestamp-after-des.patch
 Patch1046: 1046-timer-don-t-run-service-immediately-after-restart-of.patch
 Patch1047: 1047-Revert-test-extend-testcase-to-ensure-controller-mem.patch
+Patch1048: 1048-cryptsetup-generator-refactor-add_crypttab_devices.patch
+Patch1049: 1049-cryptsetup-generator-continue-parsing-after-error.patch
 
 %ifarch %{ix86} x86_64 aarch64
 %global have_gnu_efi 1
@@ -1723,6 +1725,10 @@ fi
 %files tests -f .file-list-tests
 
 %changelog
+* Wed Nov 05 2025 systemd maintenance team <systemd-maint@redhat.com> - 239-82.9
+- cryptsetup-generator: refactor add_crypttab_devices() (RHEL-38859)
+- cryptsetup-generator: continue parsing after error (RHEL-38859)
+
 * Thu Oct 02 2025 systemd maintenance team <systemd-maint@redhat.com> - 239-82.8
 - test-execute: let's ignore the difference between CLD_KILLED and CLD_DUMPED (RHEL-108744)
 - test-execute: turn off coredump generation in test services (RHEL-108744)