Recently had an aircraft using an Orange Cube and Zubax Myxa ESCs experience a crash.
The aircraft had been flying fine for a couple of hours' worth of flights with the Orange Cube and failed without any forewarning.
The Cube and ESCs were set up to use both CAN chains so if one were to fail the ESCs should still continue working.
The crash was caused by all the ESCs going into what would be observed as no-signal fail-safe. After a very small window of no valid input the ESCs are set to bring the motors to 0 RPM.
This has been tested and failover from one CAN chain to the other does work on bench tests.
There are two pieces of evidence that point towards the CAN interfaces failing simultaneously.
There are no CESC messages recorded roughly 3 sec before the crash; every other message is present during the free fall until impact and the battery is ejected.
It is highly unlikely both chains had a mechanical failure at the exact same time. It may be possible that one had already failed (damaged crimp maybe) and the second one happened to fail at this point.
I do not see any way to determine if messages are being sent/received over different CAN chains. Is this possible to view in a log and/or in MP? This would be useful in everyday use to be able to know if both CAN chains are functioning before a flight; redundant data lines are pointless if there is no warning if one has failed.
I do not believe the ESCs (or the aircraft as a whole) suffered a critical power issue either. In the 3 seconds before the log ends but after the CESC messages stop there is a strong negative current draw observed by Bat and Bat2 current sensors, which would point towards the ESCs braking the motors and the regenerative braking effects being observed.
Log file is too big to upload; it is available via the OneDrive link below.