diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c
index e0a606643e87..a1688e940f7a 100644
--- a/fs/nilfs2/ioctl.c
+++ b/fs/nilfs2/ioctl.c
@@ -863,6 +863,9 @@ static int nilfs_ioctl_clean_segments(struct inode *inode, struct file *filp,
 	if (argv[4].v_size != argsz[4])
 		goto out;
 
+	nilfs = inode->i_sb->s_fs_info;
+	if (nsegs > nilfs->ns_nsegments)
+		goto out;
 	/*
 	 * argv[4] points to segment numbers this ioctl cleans.  We
 	 * use kmalloc() for its buffer because the memory used for the
@@ -874,7 +877,6 @@ static int nilfs_ioctl_clean_segments(struct inode *inode, struct file *filp,
 		ret = PTR_ERR(kbufs[4]);
 		goto out;
 	}
-	nilfs = inode->i_sb->s_fs_info;
 
 	for (n = 0; n < 4; n++) {
 		ret = -EINVAL;