Bug 2365520 - system-upgrade download --releasever=42 fails with "Failed to read package header"
Status: CLOSED DUPLICATE of bug 2242759
Alias: None
Product: Fedora
Classification: Fedora
Component: dnf5
Version: 41
Hardware: aarch64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: rpm-software-management
Reported: 2025-05-11 13:17 UTC by oncaphillis
Modified: 2025-05-13 12:08 UTC

Last Closed: 2025-05-13 11:38:47 UTC

Description oncaphillis 2025-05-11 13:17:18 UTC
Trying to update my "Raspberry Pi 4 Model B Rev 1.5" via system-upgrade from Fedora 41 to 42
* It downloads the packages and invites me to "dnf5 offline reboot"
* After reboot I'm still stuck with Fedora 41
* A look into "journalctl -b -1" shows me:

Failed to read package header from file "/usr/lib/sysimage/libdnf5/offline/./packages/localsearch-3.9.0-1.fc42.aarch64.rpm"





Reproducible: Always

Steps to Reproduce:
1. Log in 
2. dnf update --refresh
3. reboot
4. dnf system-upgrade download --releasever=42
5. dnf offline reboot
6. Check fedora version (e.g. cat /etc/fedora-release)


Actual Results:
fedora still being 41

Expected Results:
fedora being 42

Additional Information:
Doesn't seem to be related to https://bugzilla.redhat.com/show_bug.cgi?id=2242759
since I'm not able to reproduce the output of

system-upgrade log --number=-1

Comment 1 Petr Pisar 2025-05-12 11:01:26 UTC
Did you fully upgrade your Fedora 41 systems before upgrading to Fedora 42?
What else relevant does journalctl show?
Can you share your /var/log/dnf5.log file just after the failed upgrade?

Comment 2 Petr Pisar 2025-05-12 11:08:42 UTC
The "Failed to read package header from file" message means that the rpmReadPackageFile() function from the RPM library failed to read or parse that package.
Does e.g. "rpm -q -i -p /usr/lib/sysimage/libdnf5/offline/./packages/localsearch-3.9.0-1.fc42.aarch64.rpm" work for you?

Comment 3 oncaphillis 2025-05-13 07:54:39 UTC
As I wrote:
I did an 

dnf update --refresh before trying to sys update

package seems to be ok 

rpm -q -i -p /usr/lib/sysimage/libdnf5/offline/./packages/localsearch-3.9.0-1.fc42.aarch64.rpm 
Name        : localsearch
Version     : 3.9.0
Release     : 1.fc42
Architecture: aarch64
Install Date: (not installed)
Group       : Unspecified
Size        : 5137187
License     : GPL-2.0-or-later AND LGPL-2.1-or-later
Signature   : RSA/SHA256, Thu 20 Mar 2025 12:46:29 PM CET, Key ID c8ac4916105ef944
Source RPM  : localsearch-3.9.0-1.fc42.src.rpm
Build Date  : Thu 20 Mar 2025 12:33:32 PM CET
Build Host  : buildvm-a64-13.iad2.fedoraproject.org
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : https://gnome.pages.gitlab.gnome.org/localsearch/
Bug URL     : https://bugz.fedoraproject.org/localsearch
Summary     : Localsearch and metadata extractors
Description :
Tinysparql is a powerful desktop-neutral first class object database,
tag/metadata database and search tool.

This package contains various miners and metadata extractors for tinysparql.

Comment 4 oncaphillis 2025-05-13 09:03:46 UTC
I actually tried to upgrade to 43, just to test, and got an

Failed to read package header from file "/usr/lib/sysimage/libdnf5/offline/./packages/decibels-48.0-1.fc43.noarch.rpm"

`rpm -q -i -p /usr/lib/sysimage/libdnf5/offline/./packages/decibels-48.0-1.fc43.noarch.rpm`

seems to be fine again. So it doesn't appear to be package specific

File path is simply mounted at /

Filesystem     1K-blocks     Used Available Use% Mounted on
/dev/mmcblk0p3 123272192 14636708 108386604  12% /

So it is most likely not the case that the file is expected to be located on a device not yet mounted

Comment 5 Petr Pisar 2025-05-13 09:55:41 UTC
DNF would print a different error if the file did not exist. That's something with processing its content in the boot environment and it is specific to aarch64 or your system.

system-upgrade from F41 to F42 works for me with dnf5-5.2.13.1-1.fc41 on x86_64.

Try to boot your system into a single-user mode (or however systemd calls it) and inspect the package with rpm there. If it passes, then try upgrading the package with rpm there. If it passes, try upgrading the package with dnf there.

Comment 6 Petr Pisar 2025-05-13 11:38:47 UTC
I managed to reproduce it on x86_64. The trigger is a skewed clock:

I booted a virtual machine with the clock set to 1971-01-01 without network. After logging in, the date was 2025-03-07. I suspect systemd discovers a clock regression and sets the clock to something recent. Then I called "dnf offline reboot", rebooted, the update application exited quickly and rebooted again.

Then systemd journal revealed a message similar to yours:

bře 07 01:00:07 fedora-41 dnf5[825]: Failed to read package header from file "/usr/lib/sysimage/libdnf5/offline/./packages/kernel-modules-extra-6.14.6-300.fc42.x86_64.rpm"

In dnf5.log, which I asked you for, was this:

2025-03-07T00:00:24+0000 [909] INFO Rebooting to perform offline transaction.
2025-03-07T00:00:24+0000 [909] INFO DNF5 finished
2025-03-07T00:00:03+0000 [825] INFO --- DNF5 launched with arguments: "/usr/bin/dnf5 offline _execute" ---
[...]
2025-03-07T00:00:04+0000 [825] DEBUG Trying to load more plugins using the "expired-pgp-keys" plugin.
2025-03-07T00:00:04+0000 [825] DEBUG End of loading plugins using the "expired-pgp-keys" plugin.
2025-03-07T00:00:04+0000 [825] ERROR [rpm] Verifying a signature using certificate 466CF2D8B60BC3057AA9453ED0622462E99D6AD1 (Fedora (41) <fedora-41-primary>):
  Signature d2f8 created at Wed Apr 23 12:41:43 2025 invalid: signature is not alive
      because: Not live until 2025-04-23T12:36:43Z
2025-03-07T00:00:04+0000 [825] ERROR [rpm] rpmdbNextIterator: skipping h#   39364 
Header V4 RSA/SHA256 Signature, key ID e99d6ad1: BAD
Header SHA256 digest: OK
Header SHA1 digest: OK
2025-03-07T00:00:04+0000 [825] ERROR [rpm] Verifying a signature using certificate 466CF2D8B60BC3057AA9453ED0622462E99D6AD1 (Fedora (41) <fedora-41-primary>):
  Signature e21b created at Wed Apr 23 12:41:44 2025 invalid: signature is not alive
      because: Not live until 2025-04-23T12:36:44Z
2025-03-07T00:00:04+0000 [825] ERROR [rpm] rpmdbNextIterator: skipping h#   39365 
Header V4 RSA/SHA256 Signature, key ID e99d6ad1: BAD
Header SHA256 digest: OK
Header SHA1 digest: OK
2025-03-07T00:00:04+0000 [825] DEBUG Loading system repo rpmdb from root "/"
2025-03-07T00:00:05+0000 [825] INFO Starting system upgrade. This will take a while.
[...]
2025-03-07T00:00:06+0000 [825] DEBUG Found running kernel: kernel-core-0:6.14.6-200.fc41.x86_64
2025-03-07T00:00:06+0000 [825] ERROR [rpm] Verifying a signature using certificate B0F4950458F69E1150C6C5EDC8AC4916105EF944 (Fedora (42) <fedora-42-primary>):
  Signature cd6d created at Sat May 10 02:05:01 2025 invalid: signature is not alive
      because: Not live until 2025-05-10T02:00:01Z
2025-03-07T00:00:06+0000 [825] ERROR [rpm] /usr/lib/sysimage/libdnf5/offline/./packages/kernel-modules-extra-6.14.6-300.fc42.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 105ef944: BAD
2025-03-07T00:00:06+0000 [825] ERROR Command returned error: Failed to read package header from file "/usr/lib/sysimage/libdnf5/offline/./packages/kernel-modules-extra-6.14.6-300.fc42.x86_64.rpm"

As you can see, systemd set the clock to a time that is not recent enough; it is still earlier than the validity period of the key which signed the package being complained about.

This is a duplicate of bug #2242759. Maybe the error message is different, but the cause is still the same.

*** This bug has been marked as a duplicate of bug 2242759 ***
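
A diagnostic for the failure mode identified in comment 6, as an added example that is not part of the bug report or of dnf5: it scans dnf5.log text for RPM's "Not live until" signature errors and reports how far the logged clock lags each signature. The function names are hypothetical; the sample lines are copied from the log excerpt in comment 6.

```python
import re
from datetime import datetime, timezone

# Lines copied from the dnf5.log excerpt in comment 6, reduced to the relevant entries.
SAMPLE_LOG = """\
2025-03-07T00:00:04+0000 [825] ERROR [rpm] Verifying a signature using certificate 466CF2D8B60BC3057AA9453ED0622462E99D6AD1 (Fedora (41) <fedora-41-primary>):
  Signature d2f8 created at Wed Apr 23 12:41:43 2025 invalid: signature is not alive
      because: Not live until 2025-04-23T12:36:43Z
2025-03-07T00:00:05+0000 [825] INFO Starting system upgrade. This will take a while.
2025-03-07T00:00:06+0000 [825] ERROR [rpm] Verifying a signature using certificate B0F4950458F69E1150C6C5EDC8AC4916105EF944 (Fedora (42) <fedora-42-primary>):
  Signature cd6d created at Sat May 10 02:05:01 2025 invalid: signature is not alive
      because: Not live until 2025-05-10T02:00:01Z
2025-03-07T00:00:06+0000 [825] ERROR Command returned error: Failed to read package header from file "/usr/lib/sysimage/libdnf5/offline/./packages/kernel-modules-extra-6.14.6-300.fc42.x86_64.rpm"
"""

STAMP = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d[+-]\d{4}) \[\d+\] ")
CERT = re.compile(r"using certificate ([0-9A-F]{40})")
NOT_LIVE = re.compile(r"Not live until (\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)Z")

def find_not_live(log_text):
    """One finding per 'Not live until' line: certificate, logged clock, days the clock lags."""
    findings, clock, cert = [], None, None
    for line in log_text.splitlines():
        entry = STAMP.match(line)
        if entry:  # a new timestamped entry; rpm's continuation lines carry no timestamp
            clock = datetime.strptime(entry.group(1), "%Y-%m-%dT%H:%M:%S%z")
            found = CERT.search(line)
            cert = found.group(1) if found else None
            continue
        hit = NOT_LIVE.search(line)
        if hit and clock is not None:
            live = datetime.strptime(hit.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
            findings.append({"cert": cert, "clock": clock, "not_live_until": live,
                             "days_behind": (live - clock).days})
    return findings

def diagnose(log_text):
    """Classify a log: 'clock-skew', 'other-failure' or 'no-failure'."""
    if "Failed to read package header" not in log_text:
        return "no-failure"
    return "clock-skew" if find_not_live(log_text) else "other-failure"

if __name__ == "__main__":
    for f in find_not_live(SAMPLE_LOG):
        print(f"{f['cert']}: clock {f['clock']:%Y-%m-%d} is {f['days_behind']} days before the signature")
    print(diagnose(SAMPLE_LOG))
```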

Comment 7 oncaphillis 2025-05-13 12:08:35 UTC
My bad: Thought I ruled it out as a https://bugzilla.redhat.com/show_bug.cgi?id=2242759
Proposed workaround 

`touch /usr/lib/clock-epoch`

works for me

