--- sys/fs/nfsserver/nfs_nfsdserv.c.crash2	2021-11-25 16:00:19.885995000 -0800
+++ sys/fs/nfsserver/nfs_nfsdserv.c	2021-11-25 16:26:35.413949000 -0800
@@ -6077,10 +6077,12 @@ nfsrvd_listxattr(struct nfsrv_descript *nd, __unused i
 		if (cookie2 < cookie)
 			nd->nd_repstat = NFSERR_BADXDR;
 	}
+	retlen = NFSX_HYPER + 2 * NFSX_UNSIGNED;
+	if (nd->nd_repstat == 0 && len == 0 && len2 < retlen)
+		nd->nd_repstat = NFSERR_TOOSMALL;
 	if (nd->nd_repstat == 0) {
 		/* Now copy the entries out. */
-		retlen = NFSX_HYPER + 2 * NFSX_UNSIGNED;
-		if (len == 0 && retlen <= len2) {
+		if (len == 0) {
 			/* The cookie was at eof. */
 			NFSM_BUILD(tl, uint32_t *, NFSX_HYPER + 2 *
 			    NFSX_UNSIGNED);