Recently, when I was running my application on 8.3.7, my data got
corrupted. The scene was like this: "invalid memory alloc request size ...."
I invested the error data, and found that one sector of a db-block became
all-zero (I confirmed the reason later, it was because that my disk got
bad).
I also checked the log of postmaster, and I found that there were 453
ERROR messages that said "could not read block XXX of relation XXX: ??",
where XXX was the db-block that the bad sector resided in. After these 453
failed read operations, postmaster read successed, but got an all-zero
sector! (I don't know why operating system will allow this happen, but it
just happened)
My question is: should not mdxxx functions(e.g. mdread, mdwrite, mdsync)
just report PANIC instead of ERROR when I/O failed? IMO, since the data has
already corrupted, reporting ERROR will just leave us a very curious scene
later -- which does more harm that benefit.