diff --git a/tests/fuzz/corpora/fuzz-hsm_encryption/23310b00d98159b5b169b2b919f4af986233e4a0 b/tests/fuzz/corpora/fuzz-hsm_encryption/23310b00d98159b5b169b2b919f4af986233e4a0
new file mode 100644
index 000000000000..4662158191f7
--- /dev/null
+++ b/tests/fuzz/corpora/fuzz-hsm_encryption/23310b00d98159b5b169b2b919f4af986233e4a0
@@ -0,0 +1 @@
+QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ-
\ No newline at end of file
diff --git a/tests/fuzz/corpora/fuzz-hsm_encryption/25172a8f2d48f9081b884ed5066cb4fc41a7099d b/tests/fuzz/corpora/fuzz-hsm_encryption/25172a8f2d48f9081b884ed5066cb4fc41a7099d
new file mode 100644
index 000000000000..af96d3a4d7f0
Binary files /dev/null and b/tests/fuzz/corpora/fuzz-hsm_encryption/25172a8f2d48f9081b884ed5066cb4fc41a7099d differ
diff --git a/tests/fuzz/fuzz-hsm_encryption.c b/tests/fuzz/fuzz-hsm_encryption.c
index 168fc2540264..1bc738ee8a31 100644
--- a/tests/fuzz/fuzz-hsm_encryption.c
+++ b/tests/fuzz/fuzz-hsm_encryption.c
@@ -11,9 +11,9 @@ void init(int *argc, char ***argv)
 
 void run(const uint8_t *data, size_t size)
 {
-	/* 4294967295 is crypto_pwhash_argon2id_PASSWD_MAX. libfuzzer won't
-	 * generate inputs that large in practice, but hey. */
-	if (size > 32 && size < 4294967295) {
+	/* LibFuzzer won't generate inputs larger than
+	 * crypto_pwhash_argon2id_PASSWD_MAX in practice, but hey. */
+	if (size > sizeof(struct secret) && size < crypto_pwhash_argon2id_PASSWD_MAX) {
 		struct secret *hsm_secret, decrypted_hsm_secret, encryption_key;
 		char *passphrase;
 		struct encrypted_hsm_secret encrypted_secret;
@@ -21,8 +21,8 @@ void run(const uint8_t *data, size_t size)
 
 		/* Take the first 32 bytes as the plaintext hsm_secret seed,
 		 * and the remaining ones as the passphrase. */
-		hsm_secret = (struct secret *)tal_dup_arr(NULL, u8, data, 32, 0);
-		passphrase = to_string(NULL, data + 32, size - 32);
+		hsm_secret = (struct secret *)tal_dup_arr(NULL, u8, data, sizeof(struct secret), 0);
+		passphrase = to_string(NULL, data + sizeof(struct secret), size - sizeof(struct secret));
 
 		/* A valid seed, a valid passphrase. This should not fail. */
 		assert(!hsm_secret_encryption_key_with_exitcode(passphrase, &encryption_key, &emsg));
@@ -35,7 +35,7 @@ void run(const uint8_t *data, size_t size)
 			     decrypted_hsm_secret.data,
 			     sizeof(decrypted_hsm_secret.data)));
 
-		tal_free(hsm_secret);
+		discard_key(hsm_secret);
 		tal_free(passphrase);
 	}
 }