Hello Howard, On Thu, Jul 06, 2017 at 08:55:01PM +0100, Howard Chu wrote: Thanks for looking at it, and your suggestion made me revisit it. let me share I am finding in the debug. This is the failure frame: #5 do_read (ld=0x3fff980008e0, entry=0x6e6d756c413d756f <error: Cannot access memory at address 0x6e6d756c413d756f>, attrs=0x20020058 <srchattrs>, noattrs=<optimized out>, maxloop=<optimized out>, maxretries=<optimized out>, force=<optimized out>, idx=<optimized out>, chaserefs=<optimized out>, delay=<optimized out>, nobind=<optimized out>) at ../../../../tests/progs/slapd-mtread.c:791 On this frame, these are the values we have: i = 0 do_retry = 0 rc = <optimized out> thrstr = "Read(1): entry=\"0 cnt: 1 (retried 0) (dc=example,dc=com)\000u=Alumni Association,ou=People,dc=example,dc=com)\000mple,dc=com)", '\000' <repeats 6641 times>... e = <optimized out> attrs = {0x200072a0 "1.1", 0x0} rc = 0 nvalues = <optimized out> res = 0x3fffa0001ac0 So, that is what I suppose is happening. On the following loop, ldap_first_entry() is returning NULL, thus, i = 0; for ( i = 0, e = ldap_first_entxury( ld, res ); e != NULL; i++, e = ldap_next_entry( ld, e ) ) { values[ i ] = ldap_get_dn( ld, e ); } values[ i ] = NULL; Thus, value[0] = NULL; Later, the do_random() code does the following loop and innerloop is 10000. for ( i = 0; i < innerloop; i++ ) { int r = ((double)nvalues)*rand()/(RAND_MAX + 1.0); do_read( ld, values[ r ], srchattrs, noattrs, nobind, 1, maxretries, delay, force, chaserefs, idx ); } Thus, independent of the r value, values[r] will have garbage, right? But I agree with you, I need to find a better patch that address this e = NULL corner case.