[FYI] Critical low-level Zigbee coordinator firmware bug in old Texas Instruments Z-Stack 3

FYI, Wwalltt posted a firmware upgrade recommendation yesterday on the Home Assistant Reddit channel:

https://www.reddit.com/r/homeassistant/comments/l9uhvm/psa_zigbee_network_lockup_bug_affecting/

PSA: Zigbee network lockup bug affecting Zigbee2mqtt and ZHA (zigpy-znp) fixed

Just as a public service announcement, a long-standing bug in Texas Instruments Z-Stack that caused lockups and network shutdown on zigbee2mqtt and ZHA (when using a TI board) has just been fixed.

The bug would be very rare for some or most users, but more common for users with a large (100+) number of devices. The symptoms would be loss of communication with the Zigbee coordinator radio. The serial port would still be present, but nothing would be returned from Z-Stack.

This bug affected:

  • Electrolama Zig-a-Zig-Ah (ZZH)
  • Slaesh CC2652 stick
  • Texas Instruments CC1352P2
  • Texas Instruments CC26X2R1
  • Texas Instruments CC2538

Here is the link to the updated ZStack firmware (dated 2021-01-20) that is supposed to fix the issue:

https://github.com/Koenkk/Z-Stack-firmware/tree/master/coordinator/Z-Stack_3.x.0/bin

Update! Link updated as Koenkk has moved these updated firmware image files from the “develop” tree to the “master” (mainline) tree.

Here are the Texas Instruments release notes:

http://software-dl.ti.com/simplelink/esd/simplelink_cc13x2_26x2_sdk/4.40.00.44/exports/changelog.html

ZIGBEE-1172 NPI memory leak from buffer deallocation order

Tip! Be sure to do a backup of NVRAM before upgrading the firmware, as you may need to restore it afterwards.

https://github.com/zigpy/zigpy-znp#nvram

Update today and share your results if this issue has been affecting you.


Using Slaesh CC2652 stick as my coordinator, I did the update yesterday!
And it was a pain in the ass to keep 5 small Dupont cables in place with one hand while the other hand was using the mouse to start the firmware flash!!! :stuck_out_tongue:
But the flash was successful after a few tries.

I’ve been using this coordinator for 3 or 4 months with about 55 zigbee modules without any issue so far.

Did you have any issues after upgrading? Someone reported ZHA errors with slae.sh CC2652RB here:

https://github.com/zigpy/zigpy-znp/issues/63

Sounds like his flashing got corrupted or something, so maybe post some tips there for him if you could.

Did you have to do that? Should the button marked “BL” not activate the BSL bootloader for using cc2538-bsl?

https://slae.sh/projects/cc2652/

To use this tool, we need to put the Chip manually into the Bootloader.

This is done by pressing the buttons in a specific way:

  • Press and hold the bootloader-enable button (nearest to the chip, marked with small “BL”)
  • Just press/click the reset-button (nearest to the usb-connector, marked with small “RST”)
  • The bootloader-pin can be released.

The Chip will check the bootloader-enable-pin during startup. If it’s “set”, the bootloader is executed. Otherwise the Application would start!

I got an Electrolama Zig-a-Zig-Ah (ZZH) CC2652R myself and it is very easy to activate the BSL bootloader on it.

https://github.com/electrolama/docs/blob/4fdfb9a120751223fe373b9471a0564757722345/docs/projects/zig-a-zig-ah.md#flashing-using-bsl

To trigger the ROM bootloader, follow these steps:

  • Unplug zzh from the host

  • Press the BSL button on the board and keep holding while plugging the device back into the host

  • Give it a few seconds for the device to settle and set up and release the BSL button

  • zzh should now be in ROM bootloader mode

I don’t use ZHA but Zigbee2MQTT.
Everything is fine for the moment.

Unfortunately I won’t be of any help. I’m just a random user following guides. I have no clue about what I’m doing! :stuck_out_tongue:
The only info I can provide is that my CC2652RB with new firmware 20210128 works pretty fine with Zigbee2MQTT HA addon. I did not lose any pairing, and my zigbee network has been stable for 12 hours since the upgrade.

Oh sorry. Confusion! Disregard what I said! I ended those firmware updates at 2AM last night… :frowning:

It was for my main zigbee router firmware update (this one CC2530 + CC2592 - Zigbee dongle from Giovanni’s Domotica Store on Tindie) that I had to hold the 5 cables! I also flashed a second standard CC2530 router.

For the CC2652RB coordinator though, I did not even have to press any button, just put the coordinator USB stick in the laptop USB port, follow the procedure and use some python command lines:
CC2652R stick - slae.sh
It was easy compared to my 2 CC2530 routers that I did just before and required a Texas Instruments device and SmartRF Flash software.

Okay, I upgraded my zzh firmware to CC2652R_20210120. Sadly I had to repair and redo everything :frowning: However, I’m not sure if that is normal or my fault. What struck me as odd is that the name of the former firmware I used was: znp_CC26X2R1_LAUNCHXL_tirtos_ccs so I’m not sure if this is an issue for everyone, or just me because I used a strange firmware beforehand.

My previous CC2652RB coordinator firmware was named something like “20200925” or something close to that.

The firmware upgrade procedure is exactly the same regardless of whether you use ZHA, Zigbee2MQTT, or others.

Note! ZHA devs recommended to upgrade to a newer firmware on all CC2652 and CC1352 adapters:

https://github.com/zigpy/zigpy-znp/issues/62

I suggest backing up the NVRAM of Texas Instruments adapters with zigpy-znp before upgrading firmware:

https://github.com/zigpy/zigpy-znp#nvram

Also, if you want to help the community, I suggest testing this new firmware with either Zigbee2MQTT or ZHA and reporting the result to both https://github.com/zigpy/zigpy/discussions/655 and https://www.reddit.com/r/homeassistant/comments/l9uhvm/psa_zigbee_network_lockup_bug_affecting/
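The lockup symptom described in the first post (serial port still present, but nothing returned from Z-Stack) can be told apart from a missing adapter with a liveness probe. The sketch below is an added example, not code from this thread, zigpy-znp or Zigbee2MQTT: it builds a Z-Stack Monitor-and-Test `SYS_PING` request and validates the reply frame and its XOR checksum. The function names, the serial-like `port` object (anything with `write` and `read`) and the sample capability bytes used to exercise it are assumptions made for illustration.

```python
"""Added example: Z-Stack Monitor-and-Test (ZNP) SYS_PING liveness probe."""
from functools import reduce

SOF = 0xFE                    # start-of-frame marker on the ZNP UART link
SYS_PING_REQ = (0x21, 0x01)   # SREQ | SYS subsystem, command id PING
SYS_PING_RSP = (0x61, 0x01)   # SRSP | SYS subsystem, command id PING


def fcs(body: bytes) -> int:
    """XOR of length, cmd0, cmd1 and data bytes (everything after SOF)."""
    return reduce(lambda a, b: a ^ b, body, 0)


def build_frame(cmd0: int, cmd1: int, data: bytes = b"") -> bytes:
    body = bytes([len(data), cmd0, cmd1]) + data
    return bytes([SOF]) + body + bytes([fcs(body)])


def parse_frame(buf: bytes):
    """Return (cmd0, cmd1, data) for the first valid frame in buf, else None."""
    i = buf.find(bytes([SOF]))
    while i != -1:
        if len(buf) >= i + 5:                 # SOF, LEN, CMD0, CMD1, FCS
            end = i + 4 + buf[i + 1]          # index of the FCS byte
            if end < len(buf) and fcs(buf[i + 1:end]) == buf[end]:
                return buf[i + 2], buf[i + 3], buf[i + 4:end]
        i = buf.find(bytes([SOF]), i + 1)     # resync on the next 0xFE
    return None


def coordinator_alive(reply: bytes) -> bool:
    """True only if reply holds a well-formed SYS_PING response."""
    frame = parse_frame(reply)
    return (frame is not None and frame[:2] == SYS_PING_RSP
            and len(frame[2]) == 2)           # 2-byte capabilities field


def probe(port, reads: int = 3) -> bool:
    """Send SYS_PING on an open serial-like object (assumed: write/read)."""
    port.write(build_frame(*SYS_PING_REQ))
    reply = b""
    for _ in range(reads):                    # each read honours port timeout
        reply += port.read(64)
        if coordinator_alive(reply):
            return True
    return False   # port exists but Z-Stack stayed silent: the lockup symptom
```

Run a probe like this only while Zigbee2MQTT or ZHA is stopped, since the serial port cannot be shared with them.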