diff --git a/test/simple-memory-corruption/Makefile b/test/simple-memory-corruption/Makefile
index 7ea6e22..e638996 100644
--- a/test/simple-memory-corruption/Makefile
+++ b/test/simple-memory-corruption/Makefile
@@ -9,3 +9,6 @@ all: \
     write_after_free_small \
     read_zero_size \
     write_zero_size \
+    invalid_free_protected \
+    invalid_free_unprotected \
+    invalid_free_small_region \
diff --git a/test/simple-memory-corruption/invalid_free_protected.c b/test/simple-memory-corruption/invalid_free_protected.c
new file mode 100644
index 0000000..97d5be1
--- /dev/null
+++ b/test/simple-memory-corruption/invalid_free_protected.c
@@ -0,0 +1,14 @@
+#include <stdlib.h>
+
+#include <sys/mman.h>
+
+__attribute__((optimize(0)))
+int main(void) {
+    free(malloc(16));
+    char *p = mmap(NULL, 4096 * 16, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
+    if (p == MAP_FAILED) {
+        return 1;
+    }
+    free(p + 4096 * 8);
+    return 0;
+}
diff --git a/test/simple-memory-corruption/invalid_free_small_region.c b/test/simple-memory-corruption/invalid_free_small_region.c
new file mode 100644
index 0000000..d7f9321
--- /dev/null
+++ b/test/simple-memory-corruption/invalid_free_small_region.c
@@ -0,0 +1,12 @@
+#include <stdlib.h>
+
+__attribute__((optimize(0)))
+int main(void) {
+    char *p = malloc(16);
+    if (!p) {
+        return 1;
+    }
+    char *q = p + 4096 * 4;
+    free(q);
+    return 0;
+}
diff --git a/test/simple-memory-corruption/invalid_free_unprotected.c b/test/simple-memory-corruption/invalid_free_unprotected.c
new file mode 100644
index 0000000..01fc630
--- /dev/null
+++ b/test/simple-memory-corruption/invalid_free_unprotected.c
@@ -0,0 +1,14 @@
+#include <stdlib.h>
+
+#include <sys/mman.h>
+
+__attribute__((optimize(0)))
+int main(void) {
+    free(malloc(16));
+    char *p = mmap(NULL, 4096 * 16, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
+    if (p == MAP_FAILED) {
+        return 1;
+    }
+    free(p + 4096 * 8);
+    return 0;
+}