Ledgers "stall" gracefully. When a node is applying ledger txns to state, and runs into a ledger txn that causes an exception during deserialization or validation or processing, then the failure will be handled gracefully. A nice error message outlining the specific issue will be put to the log. That ledger will be set to a "STALLED" state. On startup, or on upgrade, or maybe even periodically, the node will reattempt to restart a stalled ledger, that is, process the ledger entry that failed. It will not proceed past the current state, and it will not participate in 3pc on any txns for that ledger. With this stalled concept, we don't need a separate consensus protocol for each ledger.
The combination of Ledgers "stall" gracefully and Consensus may not be required means we can recover from some nasty bugs.