Security2CC_CannotDecode errors

[kpine]

I turned on a Binary Switch which acts as a momentary button (Zooz Zen17). The usual behavior is for the switch to turn on, than a short time later the device will report the switch off. This morning I tried and noticed the switch didn't turn off. Checked the logs and see a bunch of Security2CC_CannotDecode errors, than an apparent inability to renegotiate a nonce value. So while the Set was successful (the garage door did open), the report from the device and the manual refresh of the value (Get) look to have failed. I then did a manual refresh of the CC (from z2m) and it immediately refreshed the value, and the security errors stopped.

Questions:

1. Is this a device problem, or is this a driver problem in the Set and Get value path, that failed to handle the error properly?
2. Why was the Set able to work, and only Reports failed?
3. If it's a device problem, why did a manual refresh start working immediately?

The node in question is Node 47. The sequence starts on line 3320 (2021-12-14T16:37:32.645Z). Not sure if this is significant or not, but the device exposes multiple endpoints (root + 1 and 2) and the target here is endpoint 1. So the original Set and Get are for endpoint 1, while the CC refresh will refresh all endpoints.

zwavejs_2021-12-14.log

[AlCalzone]

This seems to have been a really suboptimal sequence of messages.

The driver controls endpoint 1, but the device reports the change on the root device, so the verification poll is not canceled. Almost at the same time the verification poll is done, the node reports again, causing a collision.
The send attempt was a bit before that, so the shared encryption state has advanced, making the nonce of the incoming message invalid. From there it goes haywire.

I think the proper solution here would be not to increment the encryption state until the message has actually been sent.