This interface is used solely by md(4) when the MD_RESERVE flag is
specified, as in mdconfig -a -t swap -s 1G -o reserve. It
pre-allocates swap blocks for the entire object.

The number of blocks to be reserved is specified as a vm_size_t, but
swp_pager_getswapspace() can allocate at most INT_MAX blocks. vm_size_t
also seems like the incorrect type to use here it refers only to the
size of the VM object, not the size of a mapping. So:

• change the type of "size" in swap_pager_reserve() to vm_pindex_t, and
• clamp the requested number of blocks for a single swp_pager_getswapspace() call to INT_MAX.

Reported by: syzkaller