When running a dnf query of the form "dnf provides '*/x y*'" (you can just use that literally), there is always a segfault in glibc. It is not always the same, but most times it was in the malloc call. The tcache->entries table contains an invalid address, a very large address. For example, the first few entries are: {0x0, 0x6e69622f7273752f, 0x559ab56a2bc0, 0x559ab5599e80, 0x559ab5700670 The second one is the problem.
Looks like a use-after-free in libsolv: ==29328== Invalid read of size 1 ==29328== at 0x4C32BC2: __strlen_sse2 (vg_replace_strmem.c:460) ==29328== by 0x5DAD8CD: strdup (strdup.c:41) ==29328== by 0x1844BC82: solv_strdup (in /usr/lib64/libsolv.so.0) ==29328== by 0x18443773: datamatcher_init (in /usr/lib64/libsolv.so.0) ==29328== by 0x184445CB: dataiterator_init (in /usr/lib64/libsolv.so.0) ==29328== by 0x17F8B573: reldeplist_from_str (in /usr/lib64/libdnf.so.1) ==29328== by 0x17D62306: pyseq_to_reldeplist (in /usr/lib64/python3.6/site-packages/hawkey/_hawkey.so) ==29328== by 0x17D63FE9: ??? (in /usr/lib64/python3.6/site-packages/hawkey/_hawkey.so) ==29328== by 0x4FBDB5E: PyCFunction_Call (in /usr/lib64/libpython3.6m.so.1.0) ==29328== by 0x5002E36: _PyEval_EvalFrameDefault (in /usr/lib64/libpython3.6m.so.1.0) ==29328== by 0x4F59784: ??? (in /usr/lib64/libpython3.6m.so.1.0) ==29328== by 0x4F5A4BC: _PyFunction_FastCallDict (in /usr/lib64/libpython3.6m.so.1.0) ==29328== Address 0x10fcda50 is 0 bytes inside a block of size 32 free'd ==29328== at 0x4C30D18: free (vg_replace_malloc.c:530) ==29328== by 0x11EE046D: g_free (in /usr/lib64/libglib-2.0.so.0.5400.3) ==29328== by 0x17F8B3E7: parse_reldep_str (in /usr/lib64/libdnf.so.1) ==29328== by 0x17F8B556: reldeplist_from_str (in /usr/lib64/libdnf.so.1) ==29328== by 0x17D62306: pyseq_to_reldeplist (in /usr/lib64/python3.6/site-packages/hawkey/_hawkey.so) ==29328== by 0x17D63FE9: ??? (in /usr/lib64/python3.6/site-packages/hawkey/_hawkey.so) ==29328== by 0x4FBDB5E: PyCFunction_Call (in /usr/lib64/libpython3.6m.so.1.0) ==29328== by 0x5002E36: _PyEval_EvalFrameDefault (in /usr/lib64/libpython3.6m.so.1.0) ==29328== by 0x4F59784: ??? (in /usr/lib64/libpython3.6m.so.1.0) ==29328== by 0x4F5A4BC: _PyFunction_FastCallDict (in /usr/lib64/libpython3.6m.so.1.0) ==29328== by 0x4F5A80D: _PyObject_FastCallDict (in /usr/lib64/libpython3.6m.so.1.0) ==29328== by 0x4F64950: _PyObject_Call_Prepend (in /usr/lib64/libpython3.6m.so.1.0) ==29328== Block was alloc'd at ==29328== at 0x4C2FB6B: malloc (vg_replace_malloc.c:299) ==29328== by 0x11EE0358: g_malloc (in /usr/lib64/libglib-2.0.so.0.5400.3) ==29328== by 0x17F8B1E8: copy_str_from_subexpr (in /usr/lib64/libdnf.so.1) ==29328== by 0x17F8B2A9: parse_reldep_str (in /usr/lib64/libdnf.so.1) ==29328== by 0x17F8B556: reldeplist_from_str (in /usr/lib64/libdnf.so.1) ==29328== by 0x17D62306: pyseq_to_reldeplist (in /usr/lib64/python3.6/site-packages/hawkey/_hawkey.so) ==29328== by 0x17D63FE9: ??? (in /usr/lib64/python3.6/site-packages/hawkey/_hawkey.so) ==29328== by 0x4FBDB5E: PyCFunction_Call (in /usr/lib64/libpython3.6m.so.1.0) ==29328== by 0x5002E36: _PyEval_EvalFrameDefault (in /usr/lib64/libpython3.6m.so.1.0) ==29328== by 0x4F59784: ??? (in /usr/lib64/libpython3.6m.so.1.0) ==29328== by 0x4F5A4BC: _PyFunction_FastCallDict (in /usr/lib64/libpython3.6m.so.1.0) ==29328== by 0x4F5A80D: _PyObject_FastCallDict (in /usr/lib64/libpython3.6m.so.1.0)
huh? no, libdnf. (gdb) n 766 dataiterator_init(&di, pool, 0, 0, 0, name_glob, SEARCH_STRING | SEARCH_GLOB); (gdb) p name_glob $2 = 0x0 asking to search for NULL is really wrong ;)
Actually, libsolv returns correct thing (nothing), but then python-hawkey tried to fill some random stuff to sequence and then tries to free that... That's not going to work. Nothing to do for libsolv.
Please can you provide exact version od libdnf, libsolv, and dnf? Thanks a lot
libdnf-0.11.1-1.fc27.x86_64 libsolv-0.6.31-1.fc27.x86_64 dnf-2.7.5-2.fc27.noarch
Thanks for information. I was able to reproduce your problem with your versions, but the problem vanished with upstream versions. libdnf-0.13.0-0.295g97c23df.fc26.x86_64 libsolv-0.6.31-1.fc26.x86_64 dnf-2.8.6-0.114ge83d408b.fc26.noarch The upstream is available from copr repo (dnf copr enable rpmsoftwaremanagement/dnf-nightly).