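Recovering an Oracle database encrypted by LockBit ransomware

Contact: phone/WeChat (+86 17813235971), QQ (107644445)

Author: 惜分飞 © All rights reserved. [May not be reproduced in any form without my consent; I reserve the right to pursue legal liability.]

A customer's EMR database files were encrypted by ransomware.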


Contents of the Restore-My-Files.txt file:

LockBit 2.0 Ransomware

Your data are stolen and encrypted
The data will be published on TOR website http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
 and https://bigblog.at if you do not pay the ransom
You can contact us and decrypt one file for free on these TOR sites

http://lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion


http://lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion

OR

https://decoding.at

Decryption ID: 6AECC4637C3D17FC6197EEE5B6D3BDF5

Checking the damage with a tool showed that this ransomware encrypts the files at intervals (intermittent encryption).
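
An added example, not part of the original post and not the author's tool: one way to confirm interval encryption is to score each block of a damaged datafile by byte entropy and list the high-entropy runs. The 8 KiB block size, the 7.5 bits/byte threshold and the sample data are assumptions constructed for this example.

```python
import hashlib
import io
import math
from collections import Counter

BLOCK = 8192          # assumption: Oracle db_block_size of 8 KiB
ENTROPY_LIMIT = 7.5   # assumption: bits per byte at or above which a block counts as ciphertext


def shannon_entropy(buf):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def encrypted_runs(stream, block=BLOCK, limit=ENTROPY_LIMIT):
    """Read a file block by block and return (runs, total_blocks).

    runs is a list of (first_block, last_block) ranges whose entropy is >= limit.
    Compressed LOBs or data the database encrypted itself also score high, so
    treat a run as a candidate and confirm it against the block structure.
    """
    runs, start, index = [], None, 0
    while True:
        buf = stream.read(block)
        if not buf:
            break
        if shannon_entropy(buf) >= limit:
            if start is None:
                start = index
        elif start is not None:
            runs.append((start, index - 1))
            start = None
        index += 1
    if start is not None:
        runs.append((start, index - 1))
    return runs, index


def encrypted_fraction(runs, total_blocks):
    """Share of blocks that fall inside a high-entropy run."""
    if total_blocks == 0:
        return 0.0
    return sum(last - first + 1 for first, last in runs) / total_blocks


def build_sample(blocks=16):
    """Constructed sample: 2 pseudo-random blocks, then 4 plaintext blocks, repeated."""
    plain = (b"<emr><patient id='0001'/></emr> " * 300)[:BLOCK]
    out = bytearray()
    for i in range(blocks):
        if i % 6 < 2:
            # SHA-256 over a counter stands in for ciphertext (deterministic)
            out += b"".join(
                hashlib.sha256(b"%d:%d" % (i, j)).digest() for j in range(BLOCK // 32)
            )
        else:
            out += plain
    return bytes(out)


if __name__ == "__main__":
    runs, total = encrypted_runs(io.BytesIO(build_sample()))
    for first, last in runs:
        print(f"blocks {first}-{last} look encrypted")
    print(f"{encrypted_fraction(runs, total):.1%} of {total} blocks affected")
```

For a real datafile, pass `open(path, "rb")` as the stream; the file is read one block at a time, so size is not a constraint.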


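This database is unusual in that its core tables contain XML columns (the core data), which general-purpose tools cannot recover correctly. For this case we recovered the data with a small ransomware-recovery tool we developed.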

We then opened the database and exported the data.

ORA-15130: diskgroup “ORADATA” is being dismounted

The disk group dismounts again immediately after being mounted:

Sat Dec 25 17:48:45 2021
SQL> alter diskgroup ORADATA mount 
NOTE: cache registered group ORADATA number=5 incarn=0xd4b7ac6a
NOTE: cache began mount (first) of group ORADATA number=5 incarn=0xd4b7ac6a
NOTE: Assigning number (5,24) to disk (/dev/mapper/data31)
NOTE: Assigning number (5,26) to disk (/dev/mapper/data33)
NOTE: Assigning number (5,21) to disk (/dev/mapper/data29)
NOTE: Assigning number (5,23) to disk (/dev/mapper/data30)
NOTE: Assigning number (5,25) to disk (/dev/mapper/data32)
NOTE: Assigning number (5,19) to disk (/dev/mapper/data27)
NOTE: Assigning number (5,20) to disk (/dev/mapper/data28)
NOTE: Assigning number (5,18) to disk (/dev/mapper/data26)
NOTE: Assigning number (5,14) to disk (/dev/mapper/data22)
NOTE: Assigning number (5,17) to disk (/dev/mapper/data25)
NOTE: Assigning number (5,16) to disk (/dev/mapper/data24)
NOTE: Assigning number (5,15) to disk (/dev/mapper/data23)
NOTE: Assigning number (5,13) to disk (/dev/mapper/data21)
NOTE: Assigning number (5,12) to disk (/dev/mapper/data20)
NOTE: Assigning number (5,10) to disk (/dev/mapper/data19)
NOTE: Assigning number (5,9) to disk (/dev/mapper/data18)
NOTE: Assigning number (5,8) to disk (/dev/mapper/data17)
NOTE: Assigning number (5,3) to disk (/dev/mapper/data12)
NOTE: Assigning number (5,22) to disk (/dev/mapper/data3)
NOTE: Assigning number (5,2) to disk (/dev/mapper/data11)
NOTE: Assigning number (5,7) to disk (/dev/mapper/data16)
NOTE: Assigning number (5,28) to disk (/dev/mapper/data5)
NOTE: Assigning number (5,32) to disk (/dev/mapper/data9)
NOTE: Assigning number (5,6) to disk (/dev/mapper/data15)
NOTE: Assigning number (5,5) to disk (/dev/mapper/data14)
NOTE: Assigning number (5,4) to disk (/dev/mapper/data13)
NOTE: Assigning number (5,1) to disk (/dev/mapper/data10)
NOTE: Assigning number (5,30) to disk (/dev/mapper/data7)
NOTE: Assigning number (5,29) to disk (/dev/mapper/data6)
NOTE: Assigning number (5,31) to disk (/dev/mapper/data8)
NOTE: Assigning number (5,11) to disk (/dev/mapper/data2)
NOTE: Assigning number (5,27) to disk (/dev/mapper/data4)
NOTE: Assigning number (5,0) to disk (/dev/mapper/data1)
Sat Dec 25 17:48:52 2021
NOTE: GMON heartbeating for grp 5
GMON querying group 5 at 153 for pid 32, osid 68608
NOTE: cache opening disk 0 of grp 5: ORADATA_0000 path:/dev/mapper/data1
NOTE: F1X0 found on disk 0 au 2 fcn 0.0
NOTE: cache opening disk 1 of grp 5: ORADATA_0001 path:/dev/mapper/data10
NOTE: cache opening disk 2 of grp 5: ORADATA_0002 path:/dev/mapper/data11
NOTE: cache opening disk 3 of grp 5: ORADATA_0003 path:/dev/mapper/data12
NOTE: cache opening disk 4 of grp 5: ORADATA_0004 path:/dev/mapper/data13
NOTE: cache opening disk 5 of grp 5: ORADATA_0005 path:/dev/mapper/data14
NOTE: cache opening disk 6 of grp 5: ORADATA_0006 path:/dev/mapper/data15
NOTE: cache opening disk 7 of grp 5: ORADATA_0007 path:/dev/mapper/data16
NOTE: cache opening disk 8 of grp 5: ORADATA_0008 path:/dev/mapper/data17
NOTE: cache opening disk 9 of grp 5: ORADATA_0009 path:/dev/mapper/data18
NOTE: cache opening disk 10 of grp 5: ORADATA_0010 path:/dev/mapper/data19
NOTE: cache opening disk 11 of grp 5: ORADATA_0011 path:/dev/mapper/data2
NOTE: cache opening disk 12 of grp 5: ORADATA_0012 path:/dev/mapper/data20
NOTE: cache opening disk 13 of grp 5: ORADATA_0013 path:/dev/mapper/data21
NOTE: cache opening disk 14 of grp 5: ORADATA_0014 path:/dev/mapper/data22
NOTE: cache opening disk 15 of grp 5: ORADATA_0015 path:/dev/mapper/data23
NOTE: cache opening disk 16 of grp 5: ORADATA_0016 path:/dev/mapper/data24
NOTE: cache opening disk 17 of grp 5: ORADATA_0017 path:/dev/mapper/data25
NOTE: cache opening disk 18 of grp 5: ORADATA_0018 path:/dev/mapper/data26
NOTE: cache opening disk 19 of grp 5: ORADATA_0019 path:/dev/mapper/data27
NOTE: cache opening disk 20 of grp 5: ORADATA_0020 path:/dev/mapper/data28
NOTE: cache opening disk 21 of grp 5: ORADATA_0021 path:/dev/mapper/data29
NOTE: cache opening disk 22 of grp 5: ORADATA_0022 path:/dev/mapper/data3
NOTE: cache opening disk 23 of grp 5: ORADATA_0023 path:/dev/mapper/data30
NOTE: cache opening disk 24 of grp 5: ORADATA_0024 path:/dev/mapper/data31
NOTE: cache opening disk 25 of grp 5: ORADATA_0025 path:/dev/mapper/data32
NOTE: cache opening disk 26 of grp 5: ORADATA_0026 path:/dev/mapper/data33
NOTE: cache opening disk 27 of grp 5: ORADATA_0027 path:/dev/mapper/data4
NOTE: cache opening disk 28 of grp 5: ORADATA_0028 path:/dev/mapper/data5
NOTE: cache opening disk 29 of grp 5: ORADATA_0029 path:/dev/mapper/data6
NOTE: cache opening disk 30 of grp 5: ORADATA_0030 path:/dev/mapper/data7
NOTE: cache opening disk 31 of grp 5: ORADATA_0031 path:/dev/mapper/data8
NOTE: cache opening disk 32 of grp 5: ORADATA_0032 path:/dev/mapper/data9
NOTE: cache mounting (first) external redundancy group 5/0xD4B7AC6A (ORADATA)
Sat Dec 25 17:48:52 2021
* allocate domain 5, invalid = TRUE 
kjbdomatt send to inst 2
Sat Dec 25 17:48:52 2021
NOTE: attached to recovery domain 5
NOTE: starting recovery of thread=1 ckpt=92.6417 group=5 (ORADATA)
NOTE: advancing ckpt for group 5 (ORADATA) thread=1 ckpt=92.6418
NOTE: cache recovered group 5 to fcn 0.9502919
NOTE: redo buffer size is 256 blocks (1053184 bytes)
Sat Dec 25 17:48:52 2021
NOTE: LGWR attempting to mount thread 1 for diskgroup 5 (ORADATA)
NOTE: LGWR found thread 1 closed at ABA 92.6417
NOTE: LGWR mounted thread 1 for diskgroup 5 (ORADATA)
NOTE: LGWR opening thread 1 at fcn 0.9502919 ABA 93.6418
NOTE: cache mounting group 5/0xD4B7AC6A (ORADATA) succeeded
NOTE: cache ending mount (success) of group ORADATA number=5 incarn=0xd4b7ac6a
Sat Dec 25 17:48:53 2021
NOTE: Instance updated compatible.asm to 11.2.0.0.0 for grp 5
SUCCESS: diskgroup ORADATA was mounted
SUCCESS: alter diskgroup ORADATA mount
Sat Dec 25 17:48:53 2021
NOTE: diskgroup resource ora.ORADATA.dg is online
WARNING:cache read  a corrupt block: group=5(ORADATA)dsk=5 blk=2 disk=5(ORADATA_0005)incarn=2406 au=0 blk=2 count=1
Errors in file /u01/app/grid/diag/asm/+asm/+ASM1/trace/+ASM1_rbal_48956.trc:
ORA-15196: invalid ASM block header [kfc.c:26368] [endian_kfbh] [2147483653] [2] [0 != 1]
NOTE: a corrupted block from group ORADATA was dumped to /u01/app/grid/diag/asm/+asm/+ASM1/trace/+ASM1_rbal_48956.trc
WARNING:cache read(retry)a corrupt block:group=5(ORADATA)dsk=5 blk=2 disk=5(ORADATA_0005)incarn=2406 au=0 blk=2 count=1
Errors in file /u01/app/grid/diag/asm/+asm/+ASM1/trace/+ASM1_rbal_48956.trc:
ORA-15196: invalid ASM block header [kfc.c:26368] [endian_kfbh] [2147483653] [2] [0 != 1]
ORA-15196: invalid ASM block header [kfc.c:26368] [endian_kfbh] [2147483653] [2] [0 != 1]
ERROR: cache failed to read group=5(ORADATA) dsk=5 blk=2 from disk(s): 5(ORADATA_0005)
ORA-15196: invalid ASM block header [kfc.c:26368] [endian_kfbh] [2147483653] [2] [0 != 1]
ORA-15196: invalid ASM block header [kfc.c:26368] [endian_kfbh] [2147483653] [2] [0 != 1]
NOTE: cache initiating offline of disk 5 group ORADATA
NOTE: process _rbal_+asm1 (48956) initiating offline of disk 5.240607694 (ORADATA_0005) with mask 0x7e in group 5
NOTE: initiating PST update: grp = 5, dsk = 5/0xe5761ce, mask = 0x6a, op = clear
GMON updating disk modes for group 5 at 155 for pid 18, osid 48956
ERROR: Disk 5 cannot be offlined, since diskgroup has external redundancy.
ERROR: too many offline disks in PST (grp 5)
Sat Dec 25 17:48:55 2021
NOTE: cache dismounting (not clean) group 5/0xD4B7AC6A (ORADATA) 
WARNING: Offline for disk ORADATA_0005 in mode 0x7f failed.
Sat Dec 25 17:48:55 2021
NOTE: halting all I/Os to diskgroup 5 (ORADATA)
NOTE: messaging CKPT to quiesce pins Unix process pid: 22744, image: oracle@wxzldb1 (B000)
Errors in file /u01/app/grid/diag/asm/+asm/+ASM1/trace/+ASM1_rbal_48956.trc  (incident=1289754):
ORA-15335: ASM metadata corruption detected in disk group 'ORADATA'
ORA-15130: diskgroup "ORADATA" is being dismounted
ORA-15066: offlining disk "ORADATA_0005" in group "ORADATA" may result in a data loss
ORA-15196: invalid ASM block header [kfc.c:26368] [endian_kfbh] [2147483653] [2] [0 != 1]
ORA-15196: invalid ASM block header [kfc.c:26368] [endian_kfbh] [2147483653] [2] [0 != 1]
Incident details in: /u01/app/grid/diag/asm/+asm/+ASM1/incident/incdir_1289754/+ASM1_rbal_48956_i1289754.trc
NOTE: LGWR doing non-clean dismount of group 5 (ORADATA)
NOTE: LGWR sync ABA=93.6418 last written ABA 93.6418
kjbdomdet send to inst 2
detach from dom 5, sending detach message to inst 2
Sat Dec 25 17:48:56 2021
List of instances:
 1 2
Dirty detach reconfiguration started (new ddet inc 1, cluster inc 4)
Sat Dec 25 17:48:56 2021
Sweep [inc][1289754]: completed
 Global Resource Directory partially frozen for dirty detach
* dirty detach - domain 5 invalid = TRUE 
 41 GCS resources traversed, 0 cancelled
Dirty Detach Reconfiguration complete
freeing rdom 5
System State dumped to trace file /u01/app/grid/diag/asm/+asm/+ASM1/incident/incdir_1289754/+ASM1_rbal_48956_i1289754.trc
WARNING: dirty detached from domain 5
NOTE: cache dismounted group 5/0xD4B7AC6A (ORADATA) 

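The problem is fairly clear: a bad block at disk=5 au=0 blk=2 causes the disk group to fail immediately after mounting. We used kfed to examine the block in question.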

C:\Users\XFF>kfed read h:\temp\asmdisk\data14.dd|more
kfbh.endian:                          1 ; 0x000: 0x01
kfbh.hard:                          130 ; 0x001: 0x82
kfbh.type:                            1 ; 0x002: KFBTYP_DISKHEAD
kfbh.datfmt:                          1 ; 0x003: 0x01
kfbh.block.blk:                       0 ; 0x004: blk=0
kfbh.block.obj:              2147483653 ; 0x008: disk=5
kfbh.check:                   314993330 ; 0x00c: 0x12c66ab2
kfbh.fcn.base:                        0 ; 0x010: 0x00000000
kfbh.fcn.wrap:                        0 ; 0x014: 0x00000000
kfbh.spare1:                          0 ; 0x018: 0x00000000
kfbh.spare2:                          0 ; 0x01c: 0x00000000
kfdhdb.driver.provstr:         ORCLDISK ; 0x000: length=8
kfdhdb.driver.reserved[0]:            0 ; 0x008: 0x00000000
kfdhdb.driver.reserved[1]:            0 ; 0x00c: 0x00000000
kfdhdb.driver.reserved[2]:            0 ; 0x010: 0x00000000
kfdhdb.driver.reserved[3]:            0 ; 0x014: 0x00000000
kfdhdb.driver.reserved[4]:            0 ; 0x018: 0x00000000
kfdhdb.driver.reserved[5]:            0 ; 0x01c: 0x00000000
kfdhdb.compat:                186646528 ; 0x020: 0x0b200000
kfdhdb.dsknum:                        5 ; 0x024: 0x0005
kfdhdb.grptyp:                        1 ; 0x026: KFDGTP_EXTERNAL
kfdhdb.hdrsts:                        3 ; 0x027: KFDHDR_MEMBER
kfdhdb.dskname:            ORADATA_0005 ; 0x028: length=12
kfdhdb.grpname:                 ORADATA ; 0x048: length=7
kfdhdb.fgname:             ORADATA_0005 ; 0x068: length=12

C:\Users\XFF>kfed read h:\temp\asmdisk\data14.dd aun=0 blkn=2|more
kfbh.endian:                          0 ; 0x000: 0x00
kfbh.hard:                            0 ; 0x001: 0x00
kfbh.type:                            0 ; 0x002: KFBTYP_INVALID
kfbh.datfmt:                          0 ; 0x003: 0x00
kfbh.block.blk:                       0 ; 0x004: blk=0
kfbh.block.obj:                       0 ; 0x008: file=0
kfbh.check:                           0 ; 0x00c: 0x00000000
kfbh.fcn.base:                        0 ; 0x010: 0x00000000
kfbh.fcn.wrap:                        0 ; 0x014: 0x00000000
kfbh.spare1:                          0 ; 0x018: 0x00000000
kfbh.spare2:                          0 ; 0x01c: 0x00000000
0066D8200 00000000 00000000 00000000 00000000  [................]
  Repeat 255 times
KFED-00322: Invalid content encountered during block traversal: [kfbtTraverseBlock][Invalid OSM block type][][0]

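The kfed analysis confirms that the block is indeed damaged. This block mainly records AU allocation information. If the space in the ASM disk group does not change and no rebalance runs, the block is generally not accessed, and as long as it is not accessed the disk group will not dismount. Following this approach, we applied a patch so that the ORADATA disk group no longer performs rebalance or allocates/frees space, which keeps it stably mounted.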
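
An added example, not part of the original post and not Oracle's kfed: the 32-byte kfbh block header can be read straight from a dd image using the field offsets printed in the kfed output above, which makes it easy to sweep an allocation unit for blocks like the zeroed one at au=0 blk=2. The 1 MiB AU size, the 4 KiB metadata block size and the in-memory sample image are assumptions; only the two block-type names that appear on this page are mapped.

```python
import io
import struct
from collections import namedtuple

AU_SIZE = 1 << 20     # assumption: 1 MiB allocation units
BLK_SIZE = 4096       # assumption: 4 KiB ASM metadata blocks

# kfbh layout as printed by kfed above: four 1-byte fields at 0x000-0x003,
# then seven 4-byte fields at 0x004-0x01c (little-endian when kfbh.endian == 1).
KFBH = struct.Struct("<4B7I")
Kfbh = namedtuple(
    "Kfbh", "endian hard type datfmt blk obj check fcn_base fcn_wrap spare1 spare2"
)
TYPES = {0: "KFBTYP_INVALID", 1: "KFBTYP_DISKHEAD"}   # names taken from this page


def read_kfbh(stream, aun, blkn, au_size=AU_SIZE, blk_size=BLK_SIZE):
    """Read the block header of block `blkn` in allocation unit `aun`."""
    stream.seek(aun * au_size + blkn * blk_size)
    raw = stream.read(KFBH.size)
    if len(raw) < KFBH.size:
        raise EOFError(f"image too short for au={aun} blk={blkn}")
    return Kfbh(*KFBH.unpack(raw))


def owner(header):
    """kfed prints obj as disk=N when the high bit is set, otherwise file=N."""
    if header.obj & 0x80000000:
        return ("disk", header.obj & 0x7FFFFFFF)
    return ("file", header.obj)


def problems(header, expected_endian=1):
    """Return the reasons a header would be rejected; an empty list means it looks sane."""
    found = []
    if header.endian != expected_endian:
        # same comparison ORA-15196 reports as [endian_kfbh] ... [0 != 1]
        found.append(f"endian_kfbh {header.endian} != {expected_endian}")
    if header.type == 0:
        found.append(TYPES[0])
    if not any(header):
        found.append("header is all zeros")
    return found


def scan_blocks(stream, aun, count):
    """Check the first `count` block headers of one allocation unit."""
    return {blkn: problems(read_kfbh(stream, aun, blkn)) for blkn in range(count)}


def build_sample_image():
    """Constructed image: blk 0 uses the header values shown above for disk 5,
    blk 1 is a made-up valid header, blk 2 is left zeroed like the damaged block."""
    img = bytearray(3 * BLK_SIZE)
    KFBH.pack_into(img, 0, 1, 130, 1, 1, 0, 2147483653, 314993330, 0, 0, 0, 0)
    KFBH.pack_into(img, BLK_SIZE, 1, 130, 2, 1, 1, 2147483653, 0, 0, 0, 0, 0)
    return io.BytesIO(bytes(img))


if __name__ == "__main__":
    image = build_sample_image()
    for blkn, found in scan_blocks(image, 0, 3).items():
        hdr = read_kfbh(image, 0, blkn)
        name = TYPES.get(hdr.type, f"type {hdr.type}")
        kind, number = owner(hdr)
        print(f"au=0 blk={blkn} {name} {kind}={number}: {', '.join(found) or 'ok'}")
```

Run it against a copy of the disk image, never the live device, and only read from it.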


The database then opened directly, with zero data loss.

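Database recovery from frm and ibd files

In this case the customer ran rm -rf /var/lib/mysql and interrupted it partway through, but many MySQL files had already been deleted, including the important ibdata file. The customer had also made many recovery attempts that wrote heavily to the partition, so later analysis of the XFS file system confirmed that the ibdata file could not be recovered. Fortunately, the core MySQL databases the customer needed were still there (their frm and ibd files still existed).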


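For this situation, see the similar procedure used earlier: [MySQL abnormal recovery] mysql ibd file recovery.
Because the customer could not provide the CREATE TABLE statements, they had to be obtained by parsing the frm files. We used mysqlfrm to extract the table creation statements: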

E:\3>mysqlfrm --server=root:oracle@192.168.222.79:3306 --diagnostic T_XIFENFEI.frm
WARNING: Using a password on the command line interface can be insecure.
# Source on 192.168.222.79: ... connected.
# CAUTION: The diagnostic mode is a best-effort parse of the .frm file. As such, it may not identify all of 
  the components of the table correctly. This is especially true for damaged files. 
  It will also not read the default values for the columns and the resulting statement may not be syntactically correct.
# Reading .frm file for EVALUATOR_T.frm:
# The .frm file is a TABLE.
# CREATE TABLE Statement:

CREATE TABLE `T_XIFENFEI` (
  `ID` varchar(32) COLLATE `utf8_general_ci` DEFAULT NULL comment '主键',
  `BO_TYPE_DEFINE_ID` varchar(32) COLLATE `utf8_general_ci` DEFAULT NULL comment '业务对象类型ID',
  `MAIN_ID` varchar(32) COLLATE `utf8_general_ci` DEFAULT NULL comment '业务对象主表记录ID',
  `PARENT_ID` varchar(32) COLLATE `utf8_general_ci` DEFAULT NULL comment '父ID',
  `ROW_NUM` decimal(32,0) DEFAULT NULL comment '行号',
  `VERSION` decimal(32,6) DEFAULT NULL comment '版本',
  `CREATE_DATE` datetime DEFAULT NULL comment '创建时间',
  `UPDATE_DATE` datetime DEFAULT NULL comment '更新时间',
  `BO_SOURCE_ROW_ID` varchar(32) COLLATE `utf8_general_ci` DEFAULT NULL comment '来源明细行ID',
  `EVALUATORS` text COLLATE `utf8_general_ci` DEFAULT NULL,
  `IMPORTANCE` decimal(32,6) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8, COMMENT '评分人';
#...done.

For some files, extracting the statement fails, for example with an error like this:

E:\TEMP\10000246_1108\db\ync2_fssc_2000003>mysqlfrm --server=root:oracle@192.168.222.79:3306 --diagnostic T_XFF.frm
Traceback (most recent call last):
  File "G:\ade\build\Python-2.7.6-windows-x86-64bit\lib\site-packages\cx_Freeze\initscripts\Console.py",
    line 27, in <module>
  File "scripts\mysqlfrm.py", line 419, in <module>
  File ".\mysql\utilities\command\read_frm.py", line 396, in read_frm_files_diagnostic
  File ".\mysql\utilities\common\frm_reader.py", line 1538, in show_create_table_statement
  File ".\mysql\utilities\common\frm_reader.py", line 1385, in _build_create_statement
  File ".\mysql\utilities\common\frm_reader.py", line 1273, in _get_key_columns
IndexError: list index out of range

These were parsed with a specialized tool instead.


Then create the tables in the database with these CREATE TABLE statements and proceed as follows:

mysql> alter table  `t_xifenfei` discard tablespace;        
Query OK, 0 rows affected (0.00 sec)

-- upload the old t_xifenfei.ibd file and fix its owner and group

mysql> alter table  `t_xifenfei` import tablespace;                
Query OK, 0 rows affected, 2 warnings (0.01 sec)

mysql> select count(1) from   `t_xifenfei` ;              
+----------+
| count(1) |
+----------+
|       78 |
+----------+
1 row in set (0.00 sec)

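The remaining tables were processed in bulk in the same way and then exported with mysqldump. During the ibd discard and import, some abnormal cases can occur; the following three errors are handled as described below.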

mysql> alter table T_LOG_XIFENFEI                   import tablespace;
ERROR 1808 (HY000): Schema mismatch (Table has ROW_TYPE_DYNAMIC row format, .ibd file has ROW_TYPE_COMPACT row format.)
mysql> alter table     `T_LOG_XIFENFEI` import tablespace;
ERROR 1817 (HY000): Index corrupt: Externally stored column(4) has a reference length of 4 in the cluster index PRIMARY
mysql> alter table       `T_LOG_XIFENFEI` import tablespace;
ERROR 1815 (HY000): Internal error: Cannot reset LSNs in table `XFF`.`T_LOG_XIFENFEI` : Data structure corruption

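Schema mismatch (Table has ROW_TYPE_DYNAMIC row format, .ibd file has ROW_TYPE_COMPACT row format.): this error is caused by an incorrect row_format setting. Recreate the table with the correct row_format, then run the discard and import again.
Index corrupt: Externally stored column(4) has a reference length of 4 in the cluster index PRIMARY: this error means the CREATE TABLE statement does not match the records stored in the ibd file, mainly because the statement is not entirely correct. Obtain the correct statement and recover again.
Internal error: Cannot reset LSNs in table `XFF`.`T_LOG_XIFENFEI` : Data structure corruption: this error means the ibd file itself is inconsistent and cannot be recovered with this method. Such cases are handled with our specialized tools.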
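
An added example, not part of the original post: the Schema mismatch case can be predicted before the import by reading the tablespace flags from page 0 of the .ibd file and comparing them with the ROW_FORMAT the table was created with. It assumes the MySQL 5.6/5.7 InnoDB flag layout (not MariaDB's), and the sample pages and space ids are constructed; flags alone cannot tell COMPACT from REDUNDANT.

```python
import io
import struct

FIL_PAGE_TYPE = 24            # offset of the 2-byte page type in the FIL header
FIL_PAGE_TYPE_FSP_HDR = 8     # page type of the first page of a tablespace
FIL_PAGE_DATA = 38            # FIL header size; the FSP header starts here
FSP_SPACE_ID = 0              # offsets inside the FSP header
FSP_SPACE_FLAGS = 16


def read_fsp_flags(stream):
    """Return (space_id, flags) from page 0 of an .ibd file (big-endian fields)."""
    head = stream.read(FIL_PAGE_DATA + FSP_SPACE_FLAGS + 4)
    if len(head) < FIL_PAGE_DATA + FSP_SPACE_FLAGS + 4:
        raise ValueError("file too short to hold an FSP header")
    (page_type,) = struct.unpack_from(">H", head, FIL_PAGE_TYPE)
    if page_type != FIL_PAGE_TYPE_FSP_HDR:
        raise ValueError(f"page 0 has type {page_type}, not an FSP header")
    (space_id,) = struct.unpack_from(">I", head, FIL_PAGE_DATA + FSP_SPACE_ID)
    (flags,) = struct.unpack_from(">I", head, FIL_PAGE_DATA + FSP_SPACE_FLAGS)
    return space_id, flags


def row_formats(flags):
    """Map tablespace flags to (possible ROW_FORMATs, KEY_BLOCK_SIZE in KiB or None).

    Bit 0 is POST_ANTELOPE, bits 1-4 ZIP_SSIZE, bit 5 ATOMIC_BLOBS.
    """
    zip_ssize = (flags >> 1) & 0xF
    atomic_blobs = (flags >> 5) & 1
    if not atomic_blobs:
        return ("COMPACT", "REDUNDANT"), None       # Antelope: flags do not say which
    if zip_ssize:
        return ("COMPRESSED",), (512 << zip_ssize) // 1024
    return ("DYNAMIC",), None


def check_import(table_row_format, stream):
    """Compare the created table's ROW_FORMAT with what the .ibd file was written as."""
    space_id, flags = read_fsp_flags(stream)
    formats, key_block_size = row_formats(flags)
    return {
        "space_id": space_id,
        "flags": flags,
        "ibd_row_format": formats,
        "key_block_size": key_block_size,
        "schema_mismatch_expected": table_row_format.upper() not in formats,
    }


def build_page0(space_id, flags, page_size=16384):
    """Constructed first page of a tablespace, holding only the fields read above."""
    page = bytearray(page_size)
    struct.pack_into(">H", page, FIL_PAGE_TYPE, FIL_PAGE_TYPE_FSP_HDR)
    struct.pack_into(">I", page, FIL_PAGE_DATA + FSP_SPACE_ID, space_id)
    struct.pack_into(">I", page, FIL_PAGE_DATA + FSP_SPACE_FLAGS, flags)
    return bytes(page)


if __name__ == "__main__":
    # Table created as DYNAMIC, old file written with flags 0: the case shown above.
    old_ibd = io.BytesIO(build_page0(space_id=23, flags=0))
    result = check_import("DYNAMIC", old_ibd)
    if result["schema_mismatch_expected"]:
        choices = " or ".join(result["ibd_row_format"])
        print(f"recreate the table with ROW_FORMAT={choices} before importing")
```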


Recovering a 40 TB ransomware-encrypted Oracle database

Some time ago I recovered a ransomware-encrypted Oracle database of nearly 40 TB. It is the largest single ransomware-encrypted Oracle database I have handled since I began recovering databases encrypted by ransomware, so I am recording it here.


The LOB column of one of the partitioned tables was 20 TB.

Recovery when recover database reports kcbs_dump_adv_state

Running recover database reports errors including ORA-600 kcbrsearchflist_2, kcbs_dump_adv_state and ORA-600 kdBlkCheckError:

Thu Dec 16 23:57:39 2021
ALTER DATABASE RECOVER  database   
Media Recovery Start
 started logmerger process
Parallel Media Recovery started with 8 slaves
Thu Dec 16 23:57:40 2021
Recovery of Online Redo Log: Thread 1 Group 3 Seq 82476 Reading mem 0
  Mem# 0: D:\APP\ADMINISTRATOR\ORADATA\ORCL\REDO03.LOG
Thu Dec 16 23:57:41 2021
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_pr02_5628.trc  (incident=85419):
ORA-00600: internal error code, arguments: [kcbrsearchflist_2], [], [], [], [], [], [], [], [], [], [], []
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_85419\orcl_pr02_5628_i85419.trc
Thu Dec 16 23:57:42 2021
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_pr04_668.trc  (incident=85435):
ORA-00353: log corruption near block 9889 change 997219782 time 12/15/2021 17:48:50
ORA-00312: online log 2 thread 1: 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\REDO02.LOG'
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_85435\orcl_pr04_668_i85435.trc
Thu Dec 16 23:57:42 2021
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_pr03_5972.trc  (incident=85427):
ORA-00353: log corruption near block 9889 change 997219782 time 12/15/2021 17:48:50
ORA-00312: online log 2 thread 1: 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\REDO02.LOG'
ORA-10567: Redo is inconsistent with data block (file# 1, block# 2296, file offset is 18808832 bytes)
ORA-10564: tablespace SYSTEM
ORA-01110: data file 1: 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\SYSTEM01.DBF'
ORA-10560: block type 'DATA SEGMENT HEADER - UNLIMITED'
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_85427\orcl_pr03_5972_i85427.trc
Thu Dec 16 23:57:43 2021
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_pr05_5280.trc  (incident=85443):
ORA-00353: log corruption near block 9889 change 997219782 time 12/15/2021 17:48:50
ORA-00312: online log 2 thread 1: 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\REDO02.LOG'
ORA-10567: Redo is inconsistent with data block (file# 3, block# 128, file offset is 1048576 bytes)
ORA-10564: tablespace UNDOTBS1
ORA-01110: data file 3: 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\UNDOTBS01.DBF'
ORA-10560: block type 'KTU SMU HEADER BLOCK'
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_85443\orcl_pr05_5280_i85443.trc
Exception[type: ACCESS_VIOLATION, UNABLE_TO_READ][ADDR:0xFFFFFFFFFFFFFFFF][PC:0x1351BB9, kcbs_dump_adv_state()+1529]
Exception[type: ACCESS_VIOLATION, UNABLE_TO_READ][ADDR:0xFFFFFFFFFFFFFFFF][PC:0x1351BB9, kcbs_dump_adv_state()+1529]
ERROR: Unable to normalize symbol name for the following short stack (at offset 199):
dbgexProcessError()+193<-dbgeExecuteForError()+65<-dbgePostErrorKGE()+1726<-dbkePostKGE_kgsf()+75<-kgeade()+560
<-kgerev()+125<-kgerec5()+60<-sss_xcpt_EvalFilterEx()+1869<-sss_xcpt_EvalFilter()+174<-.1.4_5+59<-0000000077867958
<-000000007787812D<-000000007786855F<-000000007789BCB8<-kcbs_dump_adv_state()+1529<-kcbs_advice_dump()+214
<-dbkedDefDump()+16379<-ksedmp()+43<-ksfdmp()+87<-dbgexPhaseII()+1819<-dbgexProcessError()+2563
<-dbgeExecuteForError()+65<-dbgePostErrorKGE()+1726<-dbkePostKGE_kgsf()+75<-kgeade()+560<-kgerev()+125
<-kserec3()+111<-kcrcrl()+262<-krr_thread_read()+2718<-krr_read_buffer()+30<-krr_parse_redo()+2228
<-kcra_scan_redo()+10061<-kcra_dump_redo()+2246<-kcra_dump_redo_internal()+1752<-kcbr_mapply_change()+5953
<-kcbrapply()+2251<-kcbr_apply_pending()+2931<-kcbr_media_apply()+6901<-krp_slave_apply()+313<-krp_slave_main()+2545
<-ksvrdp()+2506<-opirip()+965<-opidrv()+909<-sou2o()+98<-opimai_real()+299<-opimai()+191
<-BackgroundThreadStart()+693<-00000000776459CD<-000000007787A561
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_pr03_5972.trc  (incident=85428):
ORA-07445: exception encountered: core dump [kcbs_dump_adv_state()+1529] [ACCESS_VIOLATION][ADDR:0xFFFFFFFFFFFFFFFF]
ORA-00353: log corruption near block 9889 change 997219782 time 12/15/2021 17:48:50
ORA-00312: online log 2 thread 1: 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\REDO02.LOG'
ORA-10567: Redo is inconsistent with data block (file# 1, block# 2296, file offset is 18808832 bytes)
ORA-10564: tablespace SYSTEM
ORA-01110: data file 1: 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\SYSTEM01.DBF'
ORA-10560: block type 'DATA SEGMENT HEADER - UNLIMITED'
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_85428\orcl_pr03_5972_i85428.trc
Exception [type: ACCESS_VIOLATION, UNABLE_TO_READ] [ADDR:0xFFFFFFFFFFFFFFFF] [PC:0x1351BB9, kcbs_dump_adv_state()+1529]
Exception [type: ACCESS_VIOLATION, UNABLE_TO_READ] [ADDR:0xFFFFFFFFFFFFFFFF] [PC:0x1351BB9, kcbs_dump_adv_state()+1529]
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_pr04_668.trc  (incident=85436):
ORA-07445: exception encountered:core dump [kcbs_dump_adv_state()+1529][ACCESS_VIOLATION][ADDR:0xFFFFFFFFFFFFFFFF]
ORA-00353: log corruption near block 9889 change 997219782 time 12/15/2021 17:48:50
ORA-00312: online log 2 thread 1: 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\REDO02.LOG'
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_85436\orcl_pr04_668_i85436.trc
Thu Dec 16 23:57:44 2021
Trace dumping is performing id=[cdmp_20211216235744]
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_pr02_5628.trc  (incident=85420):
ORA-07445: exception encountered: core dump [kcbs_dump_adv_state()+1529] [ACCESS_VIOLATION] [ADDR:0xFFFFFFFFFFFFFFFF]
ORA-00600: internal error code, arguments: [kcbrsearchflist_2], [], [], [], [], [], [], [], [], [], [], []
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_85420\orcl_pr02_5628_i85420.trc
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_pr05_5280.trc  (incident=85444):
ORA-07445: exception encountered: core dump [kcbs_dump_adv_state()+1529] [ACCESS_VIOLATION] [ADDR:0xFFFFFFFFFFFFFFFF]
ORA-00353: log corruption near block 9889 change 997219782 time 12/15/2021 17:48:50
ORA-00312: online log 2 thread 1: 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\REDO02.LOG'
ORA-10567: Redo is inconsistent with data block (file# 3, block# 128, file offset is 1048576 bytes)
ORA-10564: tablespace UNDOTBS1
ORA-01110: data file 3: 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\UNDOTBS01.DBF'
ORA-10560: block type 'KTU SMU HEADER BLOCK'
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_85444\orcl_pr05_5280_i85444.trc
Thu Dec 16 23:57:45 2021
Exception [type: ACCESS_VIOLATION, UNABLE_TO_READ] [ADDR:0x29FFFFFFE] [PC:0x7473E40B, 000000007473E40B]
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_pr06_4268.trc  (incident=85451):
ORA-07445: exception encountered: core dump [PC:0x7473E40B] [ACCESS_VIOLATION] [ADDR:0x29FFFFFFE] [PC:0x7473E40B] 
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_85451\orcl_pr06_4268_i85451.trc
Trace dumping is performing id=[cdmp_20211216235745]
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_85451\orcl_pr06_4268_i85451.trc:
ORA-00607: Internal error occurred while making a change to a data block
ORA-00602: internal programming exception
ORA-07445: exception encountered: core dump [PC:0x7473E40B] [ACCESS_VIOLATION] [ADDR:0x29FFFFFFE] [PC:0x7473E40B]
Process debug not enabled via parameter _debug_enable
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_pr04_668.trc:
ORA-00354: corrupt redo log block header
ORA-00353: log corruption near block 9889 change 997219782 time 12/15/2021 17:48:50
ORA-00312: online log 2 thread 1: 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\REDO02.LOG'
Trace dumping is performing id=[cdmp_20211216235747]
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_pr04_668.trc  (incident=85437):
ORA-00600: internal error code, arguments: [kdBlkCheckError], [1], [2025], [6401], [], [], [], [], [], [], [], []
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_85437\orcl_pr04_668_i85437.trc
Recovery Slave PR02 died 
Trace dumping is performing id=[cdmp_20211216235748]
Slave exiting with ORA-10562 exception
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_pr04_668.trc:
ORA-10562: Error occurred while applying redo to data block (file# 1, block# 2025)
ORA-10564: tablespace SYSTEM
ORA-01110: data file 1: 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\SYSTEM01.DBF'
ORA-00600: internal error code, arguments: [kdBlkCheckError], [1], [2025], [6401], [], [], [], [], [], [], [], []
Thu Dec 16 23:57:48 2021
Sweep [inc][85451]: completed
Sweep [inc][85444]: completed
Media Recovery failed with error 448
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_pr00_3528.trc:
ORA-00283: recovery session canceled due to errors
ORA-00448: normal completion of background process
Slave exiting with ORA-283 exception
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_pr00_3528.trc:
ORA-00283: recovery session canceled due to errors
ORA-00448: normal completion of background process
ORA-10878 signalled during: ALTER DATABASE RECOVER  database   ...

An attempt to recover a single datafile reports ORA-07445 kcbsacc:

ALTER DATABASE RECOVER  datafile 5  
Media Recovery Start
Serial Media Recovery started
Recovery of Online Redo Log: Thread 1 Group 3 Seq 82476 Reading mem 0
  Mem# 0: D:\APP\ADMINISTRATOR\ORADATA\ORCL\REDO03.LOG
Exception [type: ACCESS_VIOLATION, UNABLE_TO_READ] [ADDR:0xFFFFFFFFFFFFFFFF] [PC:0x13467BB, kcbsacc()+5913]
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_6180.trc  (incident=85398):
ORA-07445: 出现异常错误: 核心转储 [kcbsacc()+5913] [ACCESS_VIOLATION] [ADDR:0xFFFFFFFFFFFFFFFF] [PC:0x13467BB]
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_85398\orcl_ora_6180_i85398.trc

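From the errors above it is essentially confirmed that an abnormal power loss left the redo and the datafile blocks inconsistent. An attempt to force the database open then reported ORA-600 2662: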

Fri Dec 17 11:41:40 2021
alter database open resetlogs
RESETLOGS is being done without consistancy checks. This may result
in a corrupted database. The database should be recreated.
RESETLOGS after incomplete recovery UNTIL CHANGE 997234250
Resetting resetlogs activation ID 1489370600 (0x58c5fde8)
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_7112.trc:
ORA-00367: 日志文件标头中的校验和错误
ORA-00322: 日志 1 (用于线程 1) 不是最新副本
ORA-00312: 联机日志 1 线程 1: 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\REDO01.LOG'
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_7112.trc:
ORA-00367: 日志文件标头中的校验和错误
ORA-00322: 日志 2 (用于线程 1) 不是最新副本
ORA-00312: 联机日志 2 线程 1: 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\REDO02.LOG'
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_7112.trc:
ORA-00367: 日志文件标头中的校验和错误
ORA-00322: 日志 3 (用于线程 1) 不是最新副本
ORA-00312: 联机日志 3 线程 1: 'D:\APP\ADMINISTRATOR\ORADATA\ORCL\REDO03.LOG'
Fri Dec 17 11:41:46 2021
Setting recovery target incarnation to 2
Fri Dec 17 11:41:46 2021
Assigning activation ID 1619342902 (0x60853636)
Thread 1 opened at log sequence 1
  Current log# 1 seq# 1 mem# 0: D:\APP\ADMINISTRATOR\ORADATA\ORCL\REDO01.LOG
Successful open of redo thread 1
Fri Dec 17 11:41:46 2021
MTTR advisory is disabled because FAST_START_MTTR_TARGET is not set
Fri Dec 17 11:41:47 2021
SMON: enabling cache recovery
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_7112.trc  (incident=89000):
ORA-00600: 内部错误代码, 参数: [2662], [0], [997234264], [0], [997238345], [12583088], []
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_89000\orcl_ora_7112_i89000.trc
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_7112.trc:
ORA-00600: 内部错误代码, 参数: [2662], [0], [997234264], [0], [997238345], [12583088], []
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_7112.trc:
ORA-00600: 内部错误代码, 参数: [2662], [0], [997234264], [0], [997238345], [12583088], []
Error 600 happened during db open, shutting down database
USER (ospid: 7112): terminating the instance due to error 600
Instance terminated by USER, pid = 7112
ORA-1092 signalled during: alter database open resetlogs...
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_7112.trc  (incident=89001):
ORA-00600: 内部错误代码, 参数: [2662], [0], [997234266], [0], [997238345], [12583088], [], [], [], [], [], []
ORA-01092: ORACLE 实例终止。强制断开连接
ORA-00600: 内部错误代码, 参数: [2662], [0], [997234264], [0], [997238345], [12583088], [], [], [], [], [], []
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_89001\orcl_ora_7112_i89001.trc
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_7112.trc  (incident=89002):
ORA-00600: 内部错误代码, 参数: [2662], [0], [997234267], [0], [997238345], [12583088], [], [], [], [], [], []
ORA-00600: 内部错误代码, 参数: [2662], [0], [997234266], [0], [997238345], [12583088], [], [], [], [], [], []
ORA-01092: ORACLE 实例终止。强制断开连接
ORA-00600: 内部错误代码, 参数: [2662], [0], [997234264], [0], [997238345], [12583088], [], [], [], [], [], []
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_89002\orcl_ora_7112_i89002.trc
Fri Dec 17 11:41:57 2021
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_7112.trc:
ORA-00600: 内部错误代码, 参数: [2662], [0], [997234267], [0], [997238345], [12583088], [], [], [], [], [], []
ORA-00600: 内部错误代码, 参数: [2662], [0], [997234266], [0], [997238345], [12583088], [], [], [], [], [], []
ORA-01092: ORACLE 实例终止。强制断开连接
ORA-00600: 内部错误代码, 参数: [2662], [0], [997234264], [0], [997238345], [12583088], [], [], [], [], [], []
Fri Dec 17 11:41:59 2021
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_7112.trc  (incident=90048):
ORA-00603: ORACLE server session terminated by fatal error
ORA-00600: internal error code, arguments: [2662], [0], [997234267], [0], [997238345], [12583088], [], [], [], [], [], []
ORA-00600: internal error code, arguments: [2662], [0], [997234266], [0], [997238345], [12583088], [], [], [], [], [], []
ORA-01092: ORACLE instance terminated. Disconnection forced
ORA-00600: internal error code, arguments: [2662], [0], [997234264], [0], [997238345], [12583088], [], [], [], [], [], []
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_90048\orcl_ora_7112_i90048.trc
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_90048\orcl_ora_7112_i90048.trc:
ORA-00603: ORACLE server session terminated by fatal error
ORA-00600: internal error code, arguments: [2662], [0], [997234267], [0], [997238345], [12583088], [], [], [], [], [], []
ORA-00600: internal error code, arguments: [2662], [0], [997234266], [0], [997238345], [12583088], [], [], [], [], [], []
ORA-01092: ORACLE instance terminated. Disconnection forced
ORA-00600: internal error code, arguments: [2662], [0], [997234264], [0], [997238345], [12583088], [], [], [], [], [], []

After modifying the SCN, the database opened normally:

Fri Dec 17 11:48:37 2021
alter database open 
Fri Dec 17 11:48:38 2021
SMON: enabling cache recovery
Database Characterset is ZHS16GBK
No Resource Manager plan active
Completed: alter database open

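Because this database was recovered in an inconsistent state, the data was exported logically and imported into a new database, which completed the recovery.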