I had a brief failsafe the other day while in FPV and managed to survive it.
I'm flying Pixhawk on a DiscoveryPro with the APM power module, and EzUHF-JR module on a Taranis. After looking at my logs, it certainly appears that I had a classic Throttle FS (set to AlwaysLand). I toggled my FM to recover, but in looking at the logs, I saw something I've not yet seen (but I'm new to APM):
Flying in Stabilize, at about 800 feet away at 60 feet ASL, I got this sequence:
I do not have Battery failsafe enabled, and both my main battery and Vcc were stable during the event (it does not appear to be a brownout). I'm not sure why I got a BATT FS, or why there are RADIO_1 AND RADIO_0 messages (or how they are different). I would have expected to have, maybe, one of the RADIO_X messages first if this were a throttle FS.
Can somebody crack open my log and help me understand exactly what happened, and why the sequence listed above occured?
I am doing some further tests of why I might have had a radio failsafe, but am trying to better understand what the Pixhawk's version of the story is.
Have you received any responses to this??
I am sure you noticed your "throttle in" dropped to zero when your errors occurred. This induced your failsafe.
I have a similar problem with my APM 2.5. Not yet sure why this happens but have ruled out radio system because it happens with my JR8103 and my Jeti DC-16. 72 Mhz and 2.4ghz.
APM seems to be reading incorrectly the throttle input channel. Very intermittent, and not every flight.
It has never happened again since then, fortunately, but I wish I understood why it happened. Prob with AC 3.2, I'm guessing that this might have gotten washed away in newer code.
I have a short look at the logs.
FS_BATT_VOLTAGE is set to 14 V, the voltage drops below 14 volts.
this is warning on 3.2 beta
Warning #2: There is a throttle/radio failsafe bug (on this line) affecting PX4/Pixhawk users which can cause a throttle failsafe to be triggered if signals from the receiver stop (i.e. TX turned off or receiver is disconnected) even though the throttle failsafe has been disabled through the mission planner. This is generally not dangerous because it's nearly always a good idea to have this failsafe enabled. This will be fixed in -rc4.
Hello Rainer, thanks for having a look. My understanding is that you have to have failsafe enabled for it to activate, but failsafe was disabled, you can see that in the logs. Further thoughts?
A few points on this matter. I can't open the log file at the moment, so this is general, not specific to your event.
You should never fly without the throttle failsafe enabled (aka radio failsafe). Leaving it disabled means if your transmitter dies, receiver dies, or you fly out range, your bird will just fly off into la-la-land, causing damage and possibly injury. I suggest setting it for Enabled Always RTL. I would never set it for Land since you would have no control over who or what it is landing on. You can also set it for Enabled Continue in Auto which will ignore the loss of radio while on an auto mission. That way your auto mission can fly beyond control range. It also gives you a nice "Oh crap" feature... just turn off the transmitter and it will come home.
You should never fly without a battery failsafe set for something intelligent based on the type of flying you do. You need to set it so that you have enough battery left to make it home. Leaving it disabled means your bird will simply drop out of the sky crashing into whatever and whoever happens to be under it when the battery dies. Keeping tabs on a timer should keep you in one piece, but who has never burned their dinner in the oven?
Here is what I did: I know with my 4S 5000mah battery, it will die and fall out of the sky at 14 minutes. I sacrificed a banged up battery to test this. That is 360mah per minute average power consumption. The 3DR power module only accurately measures current in a narrow window. My balance charger confirms that I actually used 5000mah. But Arducopter only saw 4000mah used. So I set the battery capacity to 4000 instead of 5000. Now a reading of zero percent is really zero percent. The measured 4000mah in 14 minutes is 300mah per minutes measured on the APM, so that is the figure I'll use to calculate the failsafe figures.
So, my timer beeps at 4 minutes left and I come home on my own. If for some reason I don't notice or the timer is reset by accident, the failsafes provide protection. And they do so with enough battery capacity remaining to actually make it home!
Thanks, Pedals, but I respectfully disagree. I have been flying multis a long time and am very used to not having a safety net. My throttle failsafe is to cut throttle. It will never drift away, it will drop and that is the penalty I pay for my aircraft not being airworthy, or me "forgetting" to pay attention. It will not fall onto whoever because I don't fly over people or property. I am thus forced to pay attention to my gauges instead of allowing myself to "forget". I don't care for totally automated "oh crap" stuff. I am the pilot in command and don't want my quad to do anything w/o me instructing it to. There are terrain issues that RTL or land would cause my copter to crash. Like taking off under a tree canopy for proximity flying. I use RTL but only if I command it. Just a different approach. And I don't fly out of control range; I got tired of this happening so I fly UHF so that this never happens anymore.
Your setup might be perfect for you, but realize that that setup can get people into serious trouble, too, especially inexperienced pilots.
I totally agree that there can be circumstances where you wouldn't want it to RTL on its own, such as being under a canopy, indoors, etc. In such circumstances, I disable it.
However as to the rest, I definitely disagree. Basically what you've said is "I am too smart to need failsafes". Like I said, let he who has never messed up cooking dinner be the first. Perfectly airworthy aircraft can have a mechanical failure. Perfectly airworthy aircraft can have a tx/rx failure. Perfectly airworthy aircraft can have a battery kick the bucket in flight. You are extremely arrogant to think otherwise, that just because you're so smart, nothing bad will happen unless you want it to.
If RTL isn't practical, there is always the land option instead. At least it will come back to earth slowly. And if Land isn't practical, fine, turn them off completely. But turn them off because they're impractical for the circumstances at hand. Not because you think you and your aircraft are infallible.
Why are you attempting to educate me? Lay off. I have no problem with your setup, but I do have a problem with your heavy-handedness and condescending tone. I am an experienced pilot, please treat me with respect as I respect your position but prefer my setup otherwise.
I have had many many crashes, due to mechanical, radio, battery, and pilot failures. Hundreds. And I pay for them when this happens. I am not too smart to avoid this, I just prefer to take my licks when it happens and figure out how to make it not happen again. I used to order props by the dozen, flew several packs a day, and crashed a lot. I now order props very rarely, and don't crash much anymore. I have built, rebuilt, and rebuilt again countless times, I am not infallible, I just disagree with your direct suggestion to me about how I fly. You don't know me. If you did, we'd probably be having a beer and talking multis and having a good time.
For the record: I fly multis w/o GPS, and with those, the only failsafe is either descend slowly (read: drift out of control) or stop flying. The last thing I want is my multi to continue under power to potentially a place with kids, dogs, people whatever. So I have not RTL or Land or anytihng. That is what I am used to, and what I am comfortable with.
I believe it was the part where you proclaimed the only way your aircraft could possibly crash is if you personally make an error which you don't do anymore. All I did was point out that is simply untrue. I said nothing about your abilities
What I meant is that I don't want a co-pilot to suddenly be in charge w/o me asking it to do so.
And here is why I disagree: On the 16th, you posted an issue where
"While in Alt Hold at about 5 feet, the battery failsafe kicked in. But instead doing what RTL should do, it again went to the left. No altitude change, just left roll as if going somewhere else. This time I caught it, switched to stab, and recovered it."
You are a good pilot to be able to recover, but an inexperienced pilot might not have known how to control it or to recover, and that left roll could have taken it to a bad place. This is precisely why I don't have auto RTL. If that happened to you beyond LOS, and you were relying on it to come back because of a failure, it would have flown, under power, anywhere it wanted to go. Your preference, not mine.