Thread

  1. Re: Fix crash during recovery when redo segment is missing

    Nitin Jadhav <nitinjadhavpostgres@gmail.com> — 2025-12-09T04:00:41Z

    > Using PANIC is an inherited historical artifact that has been
    > introduced around 4d14fe0048cf with the introduction of WAL.  There
    > was nothing like archiving or even base backup back then.  Switching
    > the existing surrounding one to also use a FATAL is something that
    > seems worth considering to me for the checkpoint record, at least
    > based on the pattern that there could be a driver error even if there
    > is no backup_label file (aka for example the case of FS-level snapshots
    > with one partition used for the data folder, no?).
    
    Thanks for explaining the historical context. I agree that switching
    the existing PANIC to FATAL for the checkpoint record case makes
    sense. I will include this change in the next patch if there are no
    objections from others.
    
    > This offers bonus points in the shape of more tests like the one you
    > have sent upthread.  It's not something that I would backpatch as it
    > is a behavior change, but I'm open to seeing that as an improvement in
    > usability for future releases: PANIC is for cases that should never
    > happen for internal states, due to an internal logic error, or an OS
    > going crazy.  Here we have a should-not-happen case triggered by a
    > user, and a FATAL still provides the same information about what's
    > wrong.  Let's make such changes separate patches, of course, depending
    > on what we find on the way.
    
    Thanks for the suggestion. I will keep that in mind and look to add
    more such tests in the future.
    
    Best Regards,
    Nitin Jadhav
    Azure Database for PostgreSQL
    Microsoft