diff --git a/bin/dd/args.c b/bin/dd/args.c
index 27d4a9a36314..40aff559de48 100644
--- a/bin/dd/args.c
+++ b/bin/dd/args.c
@@ -167,14 +167,6 @@ jcl(char **argv)
 			errx(1, "cbs meaningless if not doing record operations");
 	} else
 		cfunc = def;
-
-	/*
-	 * Bail out if the calculation of a file offset would overflow.
-	 */
-	if (in.offset > OFF_MAX / (ssize_t)in.dbsz ||
-	    out.offset > OFF_MAX / (ssize_t)out.dbsz)
-		errx(1, "seek offsets cannot be larger than %jd",
-		    (intmax_t)OFF_MAX);
 }
 
 static int
diff --git a/bin/dd/position.c b/bin/dd/position.c
index 57bfde592b64..3228bfc6bb6b 100644
--- a/bin/dd/position.c
+++ b/bin/dd/position.c
@@ -45,12 +45,41 @@ __FBSDID("$FreeBSD$");
 #include <err.h>
 #include <errno.h>
 #include <inttypes.h>
+#include <limits.h>
 #include <signal.h>
 #include <unistd.h>
 
 #include "dd.h"
 #include "extern.h"
 
+static off_t
+seek_offset(IO *io)
+{
+	off_t n;
+	size_t sz;
+
+	n = io->offset;
+	sz = io->dbsz;
+
+	_Static_assert(sizeof(io->offset) == sizeof(int64_t), "64-bit off_t");
+
+	/*
+	 * If the lseek offset will be negative, verify that this is a special
+	 * device file.  Some such files (e.g. /dev/kmem) permit "negative"
+	 * offsets.
+	 *
+	 * Bail out if the calculation of a file offset would overflow.
+	 */
+	if ((io->flags & ISCHR) == 0 && n > OFF_MAX / (ssize_t)sz)
+		errx(1, "seek offsets cannot be larger than %jd",
+		    (intmax_t)OFF_MAX);
+	else if ((io->flags & ISCHR) != 0 && (uint64_t)n > UINT64_MAX / sz)
+		errx(1, "seek offsets cannot be larger than %ju",
+		    (uintmax_t)UINT64_MAX);
+
+	return ((off_t)( (uint64_t)n * sz ));
+}
+
 /*
  * Position input/output data streams before starting the copy.  Device type
  * dependent.  Seekable devices use lseek, and the rest position by reading.
@@ -68,7 +97,7 @@ pos_in(void)
 	/* If known to be seekable, try to seek on it. */
 	if (in.flags & ISSEEK) {
 		errno = 0;
-		if (lseek(in.fd, in.offset * in.dbsz, SEEK_CUR) == -1 &&
+		if (lseek(in.fd, seek_offset(&in), SEEK_CUR) == -1 &&
 		    errno != 0)
 			err(1, "%s", in.name);
 		return;
@@ -136,7 +165,7 @@ pos_out(void)
 	 */
 	if (out.flags & (ISSEEK | ISPIPE)) {
 		errno = 0;
-		if (lseek(out.fd, out.offset * out.dbsz, SEEK_CUR) == -1 &&
+		if (lseek(out.fd, seek_offset(&out), SEEK_CUR) == -1 &&
 		    errno != 0)
 			err(1, "%s", out.name);
 		return;