Hello,
Recently, I have following error messages to console from 2 sunfire
computers, v240 and v210.

Error message:
=====
ide0: reset timed-out, status=-xd0
hda: staus timeout, status-0xd0 { Busy }
hda: drive not ready for command
end_request: I/O error dev 03:01 (hda) sector 262360
EXT2-fs error (device ide0(3,1)): ext2-write-inode: unable to read
inode block - inode=16650, block=32795
=====

I don't think I have any ide drive connected, both computers have
2x73GB SCSI disks install.
One has DVD drive, another one doesn't. Also I don't think my computer
has EXT2 file system.
I also have another v210, that works fine without error messages.

Anyone has the same problem? or anyone knows the reason?
TIA,
KAKU

KAKU <happy2005k@gmail.com> wrote:
> Hello,
> Recently, I have following error messages to console from 2 sunfire
> computers, v240 and v210.
> 
> Error message:
> =====
> ide0: reset timed-out, status=-xd0
> hda: staus timeout, status-0xd0 { Busy }
> hda: drive not ready for command
> end_request: I/O error dev 03:01 (hda) sector 262360
> EXT2-fs error (device ide0(3,1)): ext2-write-inode: unable to read
> inode block - inode=16650, block=32795
> =====

these are linux/garbage errors. ext2 is linux filesystem.

Are you looking at logs from the correct machines?

On Oct 25, 8:55=A0pm, Cydrome Leader <prese...@MUNGEpanix.com> wrote:
> KAKU <happy20...@gmail.com> wrote:
> > Hello,
> > Recently, I have following error messages to console from 2 sunfire
> > computers, v240 and v210.
>
> > Error message:
> > =3D=3D=3D=3D=3D
> > ide0: reset timed-out, status=3D-xd0
> > hda: staus timeout, status-0xd0 { Busy }
> > hda: drive not ready for command
> > end_request: I/O error dev 03:01 (hda) sector 262360
> > EXT2-fs error (device ide0(3,1)): ext2-write-inode: unable to read
> > inode block - inode=3D16650, block=3D32795
> > =3D=3D=3D=3D=3D
>
> these are linux/garbage errors. ext2 is linux filesystem.
>
> Are you looking at logs from the correct machines?

Thank you - Cydrome Leader,
The system is running Solaris, one is Solaris 9 and anothe one is
Solaris 10,
So that I felt very strange. Could it be CDROM? But one of the SUNs
doesn't have a CDROM.

I also tried to look into the log files, but cannot find such logs in /
var/adm and /var/log.
Can you please let me know where the console errors are logged to?

KAKU <happy2005k@gmail.com> wrote:

>> these are linux/garbage errors. ext2 is linux filesystem.
>>
>> Are you looking at logs from the correct machines?

> Thank you - Cydrome Leader,
> The system is running Solaris, one is Solaris 9 and anothe one is
> Solaris 10,
> So that I felt very strange. Could it be CDROM? But one of the SUNs
> doesn't have a CDROM.


Yeah but he's right, I don't think any Solaris does anything with EXT2-fs.

Best guess I have is there is linux box "near by"?

Maybe it's sending the syslog messages to that (those) because they/it is
defined as a loghost?

I'm pretty sure the message is coming from somewhere else, is why you can't
find it in the /var/log or /var/adm directories. If you are using ipfilter
on those machines for a firewall, try blocking port 514/udp and see if that
stops it.

-bruce
bje@ripco.com

KAKU <happy2005k@gmail.com> wrote:
> On Oct 25, 8:55?pm, Cydrome Leader <prese...@MUNGEpanix.com> wrote:
>> KAKU <happy20...@gmail.com> wrote:
>> > Hello,
>> > Recently, I have following error messages to console from 2 sunfire
>> > computers, v240 and v210.
>>
>> > Error message:
>> > =====
>> > ide0: reset timed-out, status=-xd0
>> > hda: staus timeout, status-0xd0 { Busy }
>> > hda: drive not ready for command
>> > end_request: I/O error dev 03:01 (hda) sector 262360
>> > EXT2-fs error (device ide0(3,1)): ext2-write-inode: unable to read
>> > inode block - inode=16650, block=32795
>> > =====
>>
>> these are linux/garbage errors. ext2 is linux filesystem.
>>
>> Are you looking at logs from the correct machines?
> 
> Thank you - Cydrome Leader,
> The system is running Solaris, one is Solaris 9 and anothe one is
> Solaris 10,
> So that I felt very strange. Could it be CDROM? But one of the SUNs
> doesn't have a CDROM.
> 
> I also tried to look into the log files, but cannot find such logs in /
> var/adm and /var/log.
> Can you please let me know where the console errors are logged to?

they'll end up in /var/adm/messages, and this file rotates, so it may be 
messages.0 or something like that, or just gone all together.

Wherever these messages are coming from, they're not solaris errors.

On Oct 29, 10:48=A0am, Cydrome Leader <prese...@MUNGEpanix.com> wrote:
> KAKU <happy20...@gmail.com> wrote:
> > On Oct 25, 8:55?pm, Cydrome Leader <prese...@MUNGEpanix.com> wrote:
> >> KAKU <happy20...@gmail.com> wrote:
> >> > Hello,
> >> > Recently, I have following error messages to console from 2 sunfire
> >> > computers, v240 and v210.
>
> >> > Error message:
> >> > =3D=3D=3D=3D=3D
> >> > ide0: reset timed-out, status=3D-xd0
> >> > hda: staus timeout, status-0xd0 { Busy }
> >> > hda: drive not ready for command
> >> > end_request: I/O error dev 03:01 (hda) sector 262360
> >> > EXT2-fs error (device ide0(3,1)): ext2-write-inode: unable to read
> >> > inode block - inode=3D16650, block=3D32795
> >> > =3D=3D=3D=3D=3D
>
> >> these are linux/garbage errors. ext2 is linux filesystem.
>
> >> Are you looking at logs from the correct machines?
>
> > Thank you - Cydrome Leader,
> > The system is running Solaris, one is Solaris 9 and anothe one is
> > Solaris 10,
> > So that I felt very strange. Could it be CDROM? But one of the SUNs
> > doesn't have a CDROM.
>
> > I also tried to look into the log files, but cannot find such logs in /
> > var/adm and /var/log.
> > Can you please let me know where the console errors are logged to?
>
> they'll end up in /var/adm/messages, and this file rotates, so it may be
> messages.0 or something like that, or just gone all together.
>
> Wherever these messages are coming from, they're not solaris errors.- Hid=
e quoted text -
>
> - Show quoted text -

Hi Cydrome and Bruce,

I finally found the problem by accident.
Basically it's an attack to rpc.ypupdate slammer exploit.
Please refer to this page (sorry it's Chinese).
http://bbs.17kf8.com/archiver/?tid-6063.html

1) first I found a new user in my passwd file. I had no memory when I
added it.
sunday:x:0:1::/dev/sunday:/bin/csh

2) I tracked down it's home directory /dev/sunday, and found the shit
# ls -l /dev/sunday
total 88
-rw-r--r--   1 root     other      20480 Mar 19  2008 2008-ypk2008.tar
-rw-r--r--   1 root     root         261 Mar 19  2008 README
-rwxrwxrwx   1 root     other      15920 Aug 29  2004 gem
-rw-------   1 root     root        2245 Mar 19  2008 ypk.c
-rw-------   1 root     root        3213 Apr  5  2000 ypupdate_prot.h

3) I search on the web by 2008-ypk2008.tar and found the page above.

4) I found a remote user logged in the box using 'who' command
sunday     pts/2        Oct 26 18:35
(189107129243.user.veloxzone.com.br)
very dangerous, it's logged in as root privileges.

5) fortunately, there is no 'ypupdated' process running on my box,
I guess that's because I am running Solaris 9.

6) I deleted the user manually from passwd and shadow.

7) I killed the login process from that user.

8) the error message stopped.

Thanks very much for your help and tips.
And hope this information is helpful for others.

KAKU