Software bug fingered as cause of Aussie A330 plunge
The problem was fixed by turning the unit off and then on again
The final report into the 2008 Qantas flight QF72, which unexpectedly dived twice during a routine flight, has blamed a combination of software and hardware errors for the incident.
On 7 October 2008, the Australian-owned A330-303 aircraft was cruising at 37,000 feet when the autopilot disengaged and the aircraft rose, before plunging downwards sharply, injuring 110 of the aircraft’s 303 passengers and three-quarters of the cabin crew. Three minutes later the aircraft did it again, and the flight crew was bombarded with warnings from the instrumentation – almost all of them false.
The pilots issued a PAN distress call, but upgraded this to MAYDAY after seeing the seriousness of the injuries onboard. They disabled the automatic pilot and throttle control systems and then managed the approach and landing at Learmonth, Western Australia using backup instruments. Since the source of the problems couldn’t be immediately identified the crew used manual pressurisation control and braking equipment because the automatic systems weren’t trusted. In all, 51 passengers and crew required hospitalisation following the incident.
The Australian Transport Safety Bureau’s (ATSB) final report found that one of the three air data inertial reference units (ADIRUs) installed on the A330-303 aircraft began to malfunction and went into failure mode before the incident. It then began feeding false information into the flight control systems, and the software algorithms designed to handle the information couldn’t cope, causing the erratic behavior.
Sometimes black boxes are more of a hindrance than a help
The Airbus carries three ADIRUs for safety, and the airplane’s flight control systems use data from two of the units to determine the plane’s position and attitude. When the data from the first two ADIRUs is inconsistent then the flight computer uses the data it received 1.2 seconds previously. However, the software couldn’t handle the two ADIRUs putting out data spikes that were more than 1.2 seconds apart and this caused the plane to behave erratically.
The problem was fixed by turning the unit off and then on again. It’s not clear what caused the ADIRU to shift into failure mode, as this is only the third time that it has happened in over 128 million hours of operation – although one of those other incidents was down to the same ADIRU in that aircraft. The investigators checked all the usual suspects, including the use of electronic equipment by passengers, but were unable to find a fault and suggested it may be down to a high-energy atmospheric particle striking one of the integrated circuits within the unit.
The report also blamed passengers for the relatively high level of injuries caused in the incident. Around 60 people were flying without their seatbelts fastened, despite being warned not to do so, and many were slightly or seriously injured after being thrown into the ceiling or side panels of the aircraft.
Airbus did not respond to requests for comment from El Reg. ®
Sponsored: Navigating the threat landscape