Recently, when I was running my application on 8.3.7, my data got corrupted. The scene was like this: "invalid memory alloc request size ...."
I invested the error data, and found that one sector of a db-block became all-zero (I confirmed the reason later, it was because that my disk got bad). I also checked the log of postmaster, and I found that there were 453 ERROR messages that said "could not read block XXX of relation XXX: ??", where XXX was the db-block that the bad sector resided in. After these 453 failed read operations, postmaster read successed, but got an all-zero sector! (I don't know why operating system will allow this happen, but it just happened) My question is: should not mdxxx functions(e.g. mdread, mdwrite, mdsync) just report PANIC instead of ERROR when I/O failed? IMO, since the data has already corrupted, reporting ERROR will just leave us a very curious scene later -- which does more harm that benefit. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers