The top of ltsleep() contains this:

        /*
         * XXXSMP
         * This is probably bogus.  Figure out what the right
         * thing to do here really is.
         * Note that not sleeping if ltsleep is called with curlwp == NULL
         * in the shutdown case is disgusting but partly necessary given
         * how shutdown (barely) works.
         */
        if (cold || (doing_shutdown && (panicstr || (l == NULL)))) {
                /*
                 * After a panic, or during autoconfiguration,
                 * just give interrupts a chance, then just return;
                 * don't run any other procs or panic below,
                 * in case this is the idle process and already asleep.
                 */

The problem with that is that, if the system is panicking and trying
to reboot (which may include an attempt to sync disks), and a kernel
thread that loops calling ltsleep to wait for work (e.g., aiodoned, or
i386's MD apm_thread) gets woken up, it will run forever and the
system will never succeed in rebooting.

However, I assume it's like that for a reason, and that an actual fix
isn't trivial.  So, I'm posting here in the hope of evoking discussion
that might, at least, give me an idea of what would need to be done to
make ddb.onpanic=0 actually manage to reboot more often than not.

-- 
(let ((C call-with-current-continuation)) (apply (lambda (x y) (x y)) (map
((lambda (r) ((C C) (lambda (s) (r (lambda l (apply (s s) l))))))  (lambda
(f) (lambda (l) (if (null? l) C (lambda (k) (display (car l)) ((f (cdr l))
(C k)))))))    '((#\J #\d #\D #\v #\s) (#\e #\space #\a #\i #\newline)))))