diff --git a/tests/fuzz/corpora/fuzz-hsm_secret/23310b00d98159b5b169b2b919f4af986233e4a0 b/tests/fuzz/corpora/fuzz-hsm_secret/23310b00d98159b5b169b2b919f4af986233e4a0
new file mode 100644
index 000000000000..4662158191f7
--- /dev/null
+++ b/tests/fuzz/corpora/fuzz-hsm_secret/23310b00d98159b5b169b2b919f4af986233e4a0
@@ -0,0 +1 @@
+QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ-
\ No newline at end of file
diff --git a/tests/fuzz/corpora/fuzz-hsm_secret/25172a8f2d48f9081b884ed5066cb4fc41a7099d b/tests/fuzz/corpora/fuzz-hsm_secret/25172a8f2d48f9081b884ed5066cb4fc41a7099d
new file mode 100644
index 000000000000..af96d3a4d7f0
Binary files /dev/null and b/tests/fuzz/corpora/fuzz-hsm_secret/25172a8f2d48f9081b884ed5066cb4fc41a7099d differ
diff --git a/tests/fuzz/fuzz-full_channel.c b/tests/fuzz/fuzz-full_channel.c
index 7a5a6a847017..c907f4533704 100644
--- a/tests/fuzz/fuzz-full_channel.c
+++ b/tests/fuzz/fuzz-full_channel.c
@@ -3,15 +3,15 @@
 * from that test. */
 #include "config.h"
-#include
-#include
 #include
+#include
+#include
 #include
 #include
 #include
 #include
 #include
-#include
+#include
 #include
 /* MOCKS START */
diff --git a/tests/fuzz/fuzz-handle_onion_message.c b/tests/fuzz/fuzz-handle_onion_message.c
index 03112be608c7..0bc4b3085ae9 100644
--- a/tests/fuzz/fuzz-handle_onion_message.c
+++ b/tests/fuzz/fuzz-handle_onion_message.c
@@ -1,18 +1,18 @@
 #include "config.h"
-#include
-#include
-#include
 #include
 #include
 #include
 #include
 #include
-#include
 #include
+#include
 #include
 #include
-#include
+#include
+#include
+#include
 #include
+#include
 static int lightningd_fd;
 static struct privkey priv;
diff --git a/tests/fuzz/fuzz-hsm_secret.c b/tests/fuzz/fuzz-hsm_secret.c
index 8c5ccc8bf6c4..cedaf0d7e9c5 100644
--- a/tests/fuzz/fuzz-hsm_secret.c
+++ b/tests/fuzz/fuzz-hsm_secret.c
@@ -20,9 +20,9 @@ void init(int *argc, char ***argv)
 void run(const uint8_t *data, size_t size)
 {
- /* 4294967295 is crypto_pwhash_argon2id_PASSWD_MAX. libfuzzer won't
- * generate inputs that large in practice, but hey. */
- if (size > 32 && size < 4294967295) {
+ /* LibFuzzer won't generate inputs larger than
+ * crypto_pwhash_argon2id_PASSWD_MAX in practice, but hey. */
+ if (size > sizeof(struct secret) && size < crypto_pwhash_argon2id_PASSWD_MAX) {
 struct secret *hsm_secret, *encryption_key;
 char *passphrase;
 u8 encrypted_data[ENCRYPTED_HSM_SECRET_LEN];
@@ -31,8 +31,9 @@ void run(const uint8_t *data, size_t size)
 /* Take the first 32 bytes as the plaintext hsm_secret seed,
 * and the remaining ones as the passphrase. */
- hsm_secret = (struct secret *)tal_dup_arr(NULL, u8, data, 32, 0);
- passphrase = to_string(NULL, data + 32, size - 32);
+ hsm_secret = (struct secret *)tal_dup_arr(NULL, u8, data, sizeof(struct secret), 0);
+ mlock_tal_memory(hsm_secret);
+ passphrase = to_string(NULL, data + sizeof(struct secret), size - sizeof(struct secret));
 /* A valid seed, a valid passphrase. This should not fail. */
 encryption_key = get_encryption_key(NULL, passphrase);
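Review bot: The rewritten comment above the guard still does not say what the upper bound protects, only that libFuzzer won't hit it; a reader has to know that crypto_pwhash_argon2id_PASSWD_MAX is the maximum passphrase length the Argon2id password hash accepts, which is presumably what get_encryption_key ends up calling. Suggest `/* The passphrase must stay below crypto_pwhash_argon2id_PASSWD_MAX, the Argon2id input limit; libFuzzer won't generate inputs that large in practice, but hey. */`. Note also that the bound is applied to the whole input rather than to the passphrase portion (size - sizeof(struct secret)), so it is conservative by sizeof(struct secret) bytes; that is harmless but worth a word in the comment. The `size > sizeof(struct secret)` lower bound means an input of exactly one secret with an empty passphrase is never exercised, which is presumably deliberate but could be stated. run's body continues past the hunk.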