r332974 was somewhat sloppy in that I did not properly audit callers of
vm_page_active() and so on. Code like the following is racy after that
revision:

vm_page_assert_locked(m);
if (m->queue == PQ_ACTIVE)
	vm_page_reference(m);
else
	vm_page_requeue(m);

in particular, PGA_DEQUEUE might be set on m, in which case m->queue
may change to PQ_NONE after the vm_page_active() call but before the
vm_page_requeue() call. (Note that once m->queue has transitioned to
PQ_NONE, the page lock prevents further updates to the queue field.)

Add a function, vm_page_queue(), which reads m->queue with the
appropriate synchronization. It requires the page lock. Use this
function where appropriate.

pho found the issue (manifested as an assertion failure in vm_page_requeue()) and verified the patch.