Index: sys/amd64/amd64/mem.c
===================================================================
--- sys/amd64/amd64/mem.c
+++ sys/amd64/amd64/mem.c
@@ -168,9 +168,11 @@
 memmmap(struct cdev *dev, vm_ooffset_t offset, vm_paddr_t *paddr,
     int prot __unused, vm_memattr_t *memattr __unused)
 {
-	if (dev2unit(dev) == CDEV_MINOR_MEM)
+	if (dev2unit(dev) == CDEV_MINOR_MEM) {
+		if (offset >= (1ULL << cpu_maxphyaddr))
+			return (-1);
 		*paddr = offset;
-	else if (dev2unit(dev) == CDEV_MINOR_KMEM)
+	} else if (dev2unit(dev) == CDEV_MINOR_KMEM)
         	*paddr = vtophys(offset);
 	/* else panic! */
 	return (0);
Index: sys/i386/i386/mem.c
===================================================================
--- sys/i386/i386/mem.c
+++ sys/i386/i386/mem.c
@@ -110,6 +110,10 @@
 		if (dev2unit(dev) == CDEV_MINOR_MEM) {
 			pa = uio->uio_offset;
 			pa &= ~PAGE_MASK;
+			if (pa >= (1ULL << cpu_maxphyaddr)) {
+				error = EFAULT;
+				break;
+			}
 		} else {
 			/*
 			 * Extract the physical page since the mapping may
@@ -161,9 +165,11 @@
 memmmap(struct cdev *dev, vm_ooffset_t offset, vm_paddr_t *paddr,
     int prot __unused, vm_memattr_t *memattr __unused)
 {
-	if (dev2unit(dev) == CDEV_MINOR_MEM)
+	if (dev2unit(dev) == CDEV_MINOR_MEM) {
+		if (offset >= (1ULL << cpu_maxphyaddr))
+			return (-1);
 		*paddr = offset;
-	else if (dev2unit(dev) == CDEV_MINOR_KMEM)
+	} else if (dev2unit(dev) == CDEV_MINOR_KMEM)
         	*paddr = vtophys(offset);
 	/* else panic! */
 	return (0);