June 19, 2025, 14:36:00 GMT
permalink Post: 11906073
I have read most of the thread (old and new). As a lawyer working in forensic investigations, I am constantly involved in problem-solving. My field of work also includes complex investigations related to insolvencies, which almost always require an analysis of the causes behind a specific, established outcome. In doing so, I naturally also have to deal with probabilities. However, it often turns out that the most likely or plausible explanation does not reflect what actually happened.
Many of the considerations I\x92ve read fail because the simultaneous failure of both engines is extremely unlikely, leading to a constant search for higher-order causes. It was suggested that an incorrect altitude setting led to an early thrust reduction. However, this would not explain the deployment of the RAT (Ram Air Turbine), especially since the thrust could have been readjusted. FADEC and TCAM are highly redundant systems, and TCAM failure is unlikely due to WOW (Weight on Wheels) logic, making a simultaneous engine failure after VR equally improbable.
With that said, and with regard to my question concerning the AD that relates to the fuel control switches (FCS), my thought\x97and it was nothing more than that\x97was that their activation becomes more probable if it can occur accidentally. That\x92s how I came across SAIB: NM-18-33.
Another user then brought up an iPhone. That notion would, of course, be dramatic\x97but how unlikely is it really that after approximately 10,000 actuations between December 2013 and June 2025, the two FCS no longer lock perfectly? Considering all of this, I find it quite conceivable that the A/T slightly reduced thrust in the first seconds after VR (e.g., if an incorrect target altitude had been entered) and that an object lying between the thrust levers and the FCS could have pushed the FCS into the \x93Off\x94 position. Due to the buttons on top of the switches, which provide some resistance, it\x92s even possible that the object both pulled and pushed them.
But all of this is speculation. The investigation report will bring clarity.
Even if my theory is not confirmed, I still believe that the positioning and mechanism of the FCS are suboptimal. Switches of such critical importance should be better protected, and movements in the area in front of the switches (like reducing thrust) should not follow the same direction as shutting off the fuel supply. A different switching direction alone would provide more safety\x97especially considering that the FCS are protected laterally by metal plates.
Many of the considerations I\x92ve read fail because the simultaneous failure of both engines is extremely unlikely, leading to a constant search for higher-order causes. It was suggested that an incorrect altitude setting led to an early thrust reduction. However, this would not explain the deployment of the RAT (Ram Air Turbine), especially since the thrust could have been readjusted. FADEC and TCAM are highly redundant systems, and TCAM failure is unlikely due to WOW (Weight on Wheels) logic, making a simultaneous engine failure after VR equally improbable.
With that said, and with regard to my question concerning the AD that relates to the fuel control switches (FCS), my thought\x97and it was nothing more than that\x97was that their activation becomes more probable if it can occur accidentally. That\x92s how I came across SAIB: NM-18-33.
Another user then brought up an iPhone. That notion would, of course, be dramatic\x97but how unlikely is it really that after approximately 10,000 actuations between December 2013 and June 2025, the two FCS no longer lock perfectly? Considering all of this, I find it quite conceivable that the A/T slightly reduced thrust in the first seconds after VR (e.g., if an incorrect target altitude had been entered) and that an object lying between the thrust levers and the FCS could have pushed the FCS into the \x93Off\x94 position. Due to the buttons on top of the switches, which provide some resistance, it\x92s even possible that the object both pulled and pushed them.
But all of this is speculation. The investigation report will bring clarity.
Even if my theory is not confirmed, I still believe that the positioning and mechanism of the FCS are suboptimal. Switches of such critical importance should be better protected, and movements in the area in front of the switches (like reducing thrust) should not follow the same direction as shutting off the fuel supply. A different switching direction alone would provide more safety\x97especially considering that the FCS are protected laterally by metal plates.
June 19, 2025, 14:51:00 GMT
permalink Post: 11906087
OK, I promised some
informed speculation
when I got back, so here goes:
Disclaimer: never worked the 787, so my detailed knowledge is a bit lacking.
First off, this is perplexing - especially if the RAT was deployed. There is no 'simple' explanation that I can come up with.
GEnx-1B engines have been exceptionally reliable, and the GE carbon composite fan blades are very robust and resistant to bird strike damage (about 15 years after the GE90 entry into service, I remember a GE boast that no GE90 (carbon composite) fan blades had needed to be scrapped due to damage (birdstrike, FOD, etc. - now that was roughly another 15 years ago, so is probably no longer true, but it shows just how robust the carbon composite blades are - far better than the more conventional titanium fan blades).
Not saying it wasn't somehow birdstrike related, just that is very unlikely (then again, all the other explanations I can come up with are also very unlikely
).
Using improper temp when calculating TO performance - after some near misses, Boeing added logic that cross-compares multiple total temp probes - aircraft TAT (I think the 787 uses a single, dual element probe for aircraft TAT, but stand to be corrected) and the temp measured by the engine inlet probes - and puts up a message if they disagree by more than a few degree tolerance - so very, very unlikely.
N1 power setting is somewhat less prone to measurement and power setting errors than EPR (N1 is a much simpler measurement than Rolls EPR) - although even with EPR, problems on both engines at the same time is almost unheard of.
The Auto Thrust (autothrottle) function 'falls asleep' at 60 knots - and doesn't unlock until one of several things happens - 250 knots, a set altitude AGL is exceeded (I'm thinking 3,000 ft. but the memory is fuzzy), thrust levers are moved more than a couple of degrees, or the mode select is changed (memory says that last one is inhibited below 400 ft. AGL). So an Auto Thrust malfunction is also extremely unlikely. Further, a premature thrust lever retard would not explain a RAT deployment.
TO does seem to be very late in the takeoff role - even with a big derate, you still must accelerate fast enough to reach V1 with enough runway to stop - so there is still considerable margin if both engines are operating normally. That makes me wonder if they had the correct TO power setting - but I'm at a loss to explain how they could have fouled that up with all the protections that the 787 puts on that.
If one engine did fail after V1, it's conceivable that they shut down the wrong engine - but since this happened literally seconds after takeoff, it begs the question why they would be in a big hurry to shut down the engine. Short of an engine fire, there is nothing about an engine failure that requires quick action to shut it down - no evidence of an engine fire, and even with an engine fire, you normally have minutes to take action - not seconds.
The one thing I keep thinking about is someone placing both fuel switches to cutoff immediately after TO. Yes, it's happened before (twice - 767s in the early 1980s), but the root causes of that mistake are understood and have been corrected. Hard to explain how it could happen ( unless, God forbid, it was intentional ).
Disclaimer: never worked the 787, so my detailed knowledge is a bit lacking.
First off, this is perplexing - especially if the RAT was deployed. There is no 'simple' explanation that I can come up with.
GEnx-1B engines have been exceptionally reliable, and the GE carbon composite fan blades are very robust and resistant to bird strike damage (about 15 years after the GE90 entry into service, I remember a GE boast that no GE90 (carbon composite) fan blades had needed to be scrapped due to damage (birdstrike, FOD, etc. - now that was roughly another 15 years ago, so is probably no longer true, but it shows just how robust the carbon composite blades are - far better than the more conventional titanium fan blades).
Not saying it wasn't somehow birdstrike related, just that is very unlikely (then again, all the other explanations I can come up with are also very unlikely
).
Using improper temp when calculating TO performance - after some near misses, Boeing added logic that cross-compares multiple total temp probes - aircraft TAT (I think the 787 uses a single, dual element probe for aircraft TAT, but stand to be corrected) and the temp measured by the engine inlet probes - and puts up a message if they disagree by more than a few degree tolerance - so very, very unlikely.
N1 power setting is somewhat less prone to measurement and power setting errors than EPR (N1 is a much simpler measurement than Rolls EPR) - although even with EPR, problems on both engines at the same time is almost unheard of.
The Auto Thrust (autothrottle) function 'falls asleep' at 60 knots - and doesn't unlock until one of several things happens - 250 knots, a set altitude AGL is exceeded (I'm thinking 3,000 ft. but the memory is fuzzy), thrust levers are moved more than a couple of degrees, or the mode select is changed (memory says that last one is inhibited below 400 ft. AGL). So an Auto Thrust malfunction is also extremely unlikely. Further, a premature thrust lever retard would not explain a RAT deployment.
TO does seem to be very late in the takeoff role - even with a big derate, you still must accelerate fast enough to reach V1 with enough runway to stop - so there is still considerable margin if both engines are operating normally. That makes me wonder if they had the correct TO power setting - but I'm at a loss to explain how they could have fouled that up with all the protections that the 787 puts on that.
If one engine did fail after V1, it's conceivable that they shut down the wrong engine - but since this happened literally seconds after takeoff, it begs the question why they would be in a big hurry to shut down the engine. Short of an engine fire, there is nothing about an engine failure that requires quick action to shut it down - no evidence of an engine fire, and even with an engine fire, you normally have minutes to take action - not seconds.
The one thing I keep thinking about is someone placing both fuel switches to cutoff immediately after TO. Yes, it's happened before (twice - 767s in the early 1980s), but the root causes of that mistake are understood and have been corrected. Hard to explain how it could happen ( unless, God forbid, it was intentional ).
June 19, 2025, 16:10:00 GMT
permalink Post: 11906159
The only aircraft inputs to TCMA is air/ground and thrust lever positions - everything else is the FADEC and its sensors (primarily N1). Even if air/ground was compromised somehow, it would take other issues before TCMA could possibly be activated. Possible on one engine (although remote) - but two engines at the same time - almost literally imposssible (unless of course it's software error).
The 'good' news is that even a cursory check of the FDR will indicate if TCMA activated, so we'll soon know.
The 'good' news is that even a cursory check of the FDR will indicate if TCMA activated, so we'll soon know.
In 2019 I think it was, an ANA 787 had a TMCA dual engine shutdown just after landing. There was also a bug that shut down all AC power on 787s powered on for 248+ days (integer overflow causing GCU failsafe) that was supposed to be remedied on 2019. Can\x92t find any information confirming that it was implemented on all 787s. These are just two examples of software bugs. There are placed of others, and it\x92s highly likely there are ones we don\x92t know about, either in the original software or in the updates.
June 19, 2025, 17:24:00 GMT
permalink Post: 11906207
I read, maybe in the preceding thread, a post from a (?) chemical additive manufacturing specialist, referring to n2 speed problems caused by one of their additives incorrectly getting to a bearing (?) and creating a metallic oxide powder and subsequent issues. (Details vague as I can't find the original post - different problem domain to this though). Are there engine lubrication maintenance tasks in a roughly 2 hour turnaround?
Long time lurker, ex aerospace engineering design software engineer. Please delete if inappropriate.
[Edit: spoilling]
Last edited by lancs; 19th June 2025 at 18:18 .
June 19, 2025, 18:28:00 GMT
permalink Post: 11906250
Software Engineer here. IMO software glitches are more likely than mechanical failures and pilot error, and I would say increasingly more so, particularly with Boeings. I have good reasons, experience and expertise for saying this that I\x92m not going to get into here because it\x92s too long winded and will no doubt upset some people who will mistake facts for rule and let it hurt their feelings.
In 2019 I think it was, an ANA 787 had a TMCA dual engine shutdown just after landing. There was also a bug that shut down all AC power on 787s powered on for 248+ days (integer overflow causing GCU failsafe) that was supposed to be remedied on 2019. Can\x92t find any information confirming that it was implemented on all 787s. These are just two examples of software bugs. There are placed of others, and it\x92s highly likely there are ones we don\x92t know about, either in the original software or in the updates.
In 2019 I think it was, an ANA 787 had a TMCA dual engine shutdown just after landing. There was also a bug that shut down all AC power on 787s powered on for 248+ days (integer overflow causing GCU failsafe) that was supposed to be remedied on 2019. Can\x92t find any information confirming that it was implemented on all 787s. These are just two examples of software bugs. There are placed of others, and it\x92s highly likely there are ones we don\x92t know about, either in the original software or in the updates.
June 19, 2025, 18:45:00 GMT
permalink Post: 11906259
To continue with some more speculation (hopefully not idle!) one of the areas I haven\x92t seen much discussion on is maintenance errors. Clearly all aircraft are under a continuous regime of maintenance, whether scheduled or unplanned. In my time long ago we had many specialist technicians on hand to deal with most eventualities, time was always of the essence, but there was a strict process of checking and sign-offs for every bit of technical work carried out. OK, it was the military, but I can\x92t imagine it\x92s much different today in the civil world.
But of course mistakes happen occasionally, leading generally to nothing worse than a cancelled sortie, or less commonly for the aircraft\x92s built-in redundant systems to \x91kick in\x92 or be switched in. On the ground the fault might be on the MEL, in the air a diversion might be necessary. And this was decades ago. What I\x92m leading to is this; on an ultra modern commercial airliner such as the 787, what possible maintenance error could cause such a catastrophic event as happened to AI 171?
We understand the right engine was replaced 3 months ago, and doubtless there have been other regular, routine activities necessitating disturbance of engine, avionic and other systems. One could imagine perhaps an electronic piece of equipment (we called them LRUs) not being fully located in its housing, ditto for plugs and connectors, and such equipment apparently working correctly at the time but failing at a later time. There are anecdotal stories of AirIndia 171 on earlier flights having air conditioning and in-flight entertainment issues. And we don\x92t know what, if any, maintenance/repairs were done immediately before the last flight.
But isn\x92t all this irrelevant, given that, we are told, the 2 engines and controls are uniquely independent of each other and will continue to work in the presence of aircraft major electrical and hydraulic system failures?
In summary, and assuming accidental rather than deliberate, there seems to be no way that double engine failure could result from maintenance error?
But of course mistakes happen occasionally, leading generally to nothing worse than a cancelled sortie, or less commonly for the aircraft\x92s built-in redundant systems to \x91kick in\x92 or be switched in. On the ground the fault might be on the MEL, in the air a diversion might be necessary. And this was decades ago. What I\x92m leading to is this; on an ultra modern commercial airliner such as the 787, what possible maintenance error could cause such a catastrophic event as happened to AI 171?
We understand the right engine was replaced 3 months ago, and doubtless there have been other regular, routine activities necessitating disturbance of engine, avionic and other systems. One could imagine perhaps an electronic piece of equipment (we called them LRUs) not being fully located in its housing, ditto for plugs and connectors, and such equipment apparently working correctly at the time but failing at a later time. There are anecdotal stories of AirIndia 171 on earlier flights having air conditioning and in-flight entertainment issues. And we don\x92t know what, if any, maintenance/repairs were done immediately before the last flight.
But isn\x92t all this irrelevant, given that, we are told, the 2 engines and controls are uniquely independent of each other and will continue to work in the presence of aircraft major electrical and hydraulic system failures?
In summary, and assuming accidental rather than deliberate, there seems to be no way that double engine failure could result from maintenance error?
June 19, 2025, 19:02:00 GMT
permalink Post: 11906274
Galaxy flyer,
UPS had a triple engine shutdown on A RR Tay engined 727. The crew got one started in the nick of time and were able to land at KORD. I know the crewmemebers.
An old post from 2004,
UPS had a triple engine shutdown on A RR Tay engined 727. The crew got one started in the nick of time and were able to land at KORD. I know the crewmemebers.
An old post from 2004,
June 19, 2025, 19:05:00 GMT
permalink Post: 11906278
There were simultaneous engine failures, but those were due to massive birdstrikes (
US1549
) or due to epidemic engine failures on Il-62s of various versions (like
LOT 007
or
LOT 5055
).
Fuel related total engine failures like Aeroflot 366 or Air Transat 236 at least had the decency to have the engines starve one after another as the fuel in the individual tanks depleted.
But all those are probably highly irrelevant when considering the Air India accident. An engine disintegration or a heavy birdstrike would have been visible on the videos, a sizeable bird would have left some remains. And gradual fuel starvation would have shown some yaw.
As much as I despise the thought, the issue that got AI171 must have come from within the aircraft, although this most decidedly does not infer any wrongdoing by any crewmember.
Fuel related total engine failures like Aeroflot 366 or Air Transat 236 at least had the decency to have the engines starve one after another as the fuel in the individual tanks depleted.
But all those are probably highly irrelevant when considering the Air India accident. An engine disintegration or a heavy birdstrike would have been visible on the videos, a sizeable bird would have left some remains. And gradual fuel starvation would have shown some yaw.
As much as I despise the thought, the issue that got AI171 must have come from within the aircraft, although this most decidedly does not infer any wrongdoing by any crewmember.
- GoAir320 at Delhi
- Transasia AT72 at Taipei
- Alitalia A332 at Seoul
- SA Airlink JS41 at Durban
Not saying it happened here!
June 19, 2025, 19:18:00 GMT
permalink Post: 11906289
In the history of jet transport aviation, both ETOPS and non-ETOPS operations, exactly how many simultaneous dual engine failures have there been, excluding pilot causal ones? I\x92d venture it\x92s zero. Even the old DC-9/Boeing 727 era had none. ETOPS is 40 years on and zero cases, to my knowledge. Modern twins are systematically divided into two separate and independent planes. My bet is all these neat theories based on arcane questions will boil down to some human causal event, excluding Boeing. They might contributory, as in the Delta 767 where the switch design contributed to pilot misaction, but design fault, vanishingly improbable.
ANA NH-985, a 787-8, suffered dual uncommanded engine shutdown just after air-ground transition. That was a TCMS "feature."
Baltic BT-139 likewise, resulted in an FAA AD to upgrade FADEC software on a whole bunch of P&W engines.
It isn't unheard of. It may not have been seen at rotation before.
June 19, 2025, 20:21:00 GMT
permalink Post: 11906338
Lower than calculated lift at Vr
Hi all,
Sorry it’s going to be a long one but seeing the level of competency here, I though it would be the perfect place to get my answers. From the precious messages read and answers received, I have a scenario to run. I am more than happy to be told wrong from point 1). I don’t have the knowledge some of you do.
Please let me first start by saying that I am not trying to incriminate anyone. Hundreds of CRMS debriefs and accidents reports show us that unfortunately sometimes, the holes in that swiss cheese just do line up. It is far too easy for any of us, seating here, to judge any of the sequences happening in a Flight Deck. Mistakes happen, regardless of training and experience. We all do mistakes, every day, in every line of work.
DISCLAIMER:
I know that the consensus is a dual engine failure due to either TCMA bug or any sort of mecanical/software/wear and tear.
I do hear a RAT (I don’t see it though) and I do find the audio analysis quite compelling. It is at the top of my list as probable cause.
I am just exploring another scenario, based on the AC’s profile and state from grainy video and poor audio.
1- Let’s assume that we do all our perf calculation correctly. Is it possible that the OPT would spit up a F15/20 take off with the conditions on the day on a 787?
2- If so, let’s say we have performances for a F15/20 TO in the FMC. Now let’s assume we select F5 for TO (not in the FMC, physically). Would there be an FMC message, or would that trigger the T/O warning on the 787? If it doesn’t, we now potentially have an aircraft on the heavy side, with already a lift penalty on a high density altitude day.
3- Please bear with me, I know so far I have made an awful lot of suppositions and assumptions. Murphy’s law dictates that what can happen will happen albeit not on the same day. As it was answered to me by someone who was obviously seeing where I was going in a previous post, it’s a lot of swiss cheese to line up.
4- Take off roll goes on, Vr F15/20 comes and we rotate at a speed lower than we should for our actual F5 setting. My buddy calls for GEAR UP, I retract flaps to F1. Another lift penalty. Is there enough thrust now, or are we then already to deep on the back end of the drag curve ?
I do understand that this is not testable in a simulator. I am asking if someone with a 787 OPT and/or FCOM and knowledge views this scenario as possible or not (especially regarding the FMC message and the T/O warning). That is all.
thanks for the help !
Sorry it’s going to be a long one but seeing the level of competency here, I though it would be the perfect place to get my answers. From the precious messages read and answers received, I have a scenario to run. I am more than happy to be told wrong from point 1). I don’t have the knowledge some of you do.
Please let me first start by saying that I am not trying to incriminate anyone. Hundreds of CRMS debriefs and accidents reports show us that unfortunately sometimes, the holes in that swiss cheese just do line up. It is far too easy for any of us, seating here, to judge any of the sequences happening in a Flight Deck. Mistakes happen, regardless of training and experience. We all do mistakes, every day, in every line of work.
DISCLAIMER:
I know that the consensus is a dual engine failure due to either TCMA bug or any sort of mecanical/software/wear and tear.
I do hear a RAT (I don’t see it though) and I do find the audio analysis quite compelling. It is at the top of my list as probable cause.
I am just exploring another scenario, based on the AC’s profile and state from grainy video and poor audio.
1- Let’s assume that we do all our perf calculation correctly. Is it possible that the OPT would spit up a F15/20 take off with the conditions on the day on a 787?
2- If so, let’s say we have performances for a F15/20 TO in the FMC. Now let’s assume we select F5 for TO (not in the FMC, physically). Would there be an FMC message, or would that trigger the T/O warning on the 787? If it doesn’t, we now potentially have an aircraft on the heavy side, with already a lift penalty on a high density altitude day.
3- Please bear with me, I know so far I have made an awful lot of suppositions and assumptions. Murphy’s law dictates that what can happen will happen albeit not on the same day. As it was answered to me by someone who was obviously seeing where I was going in a previous post, it’s a lot of swiss cheese to line up.
4- Take off roll goes on, Vr F15/20 comes and we rotate at a speed lower than we should for our actual F5 setting. My buddy calls for GEAR UP, I retract flaps to F1. Another lift penalty. Is there enough thrust now, or are we then already to deep on the back end of the drag curve ?
I do understand that this is not testable in a simulator. I am asking if someone with a 787 OPT and/or FCOM and knowledge views this scenario as possible or not (especially regarding the FMC message and the T/O warning). That is all.
thanks for the help !
Last edited by T28B; 19th June 2025 at 22:23 . Reason: formatting assistance
June 19, 2025, 23:26:00 GMT
permalink Post: 11906480
Summary of main theories
DISCLAIMER: Poster (a) is one of the (apparently quite numerous) lawyers following this thread; (b) a long-time forum lurker and aviation enthusiast who loves studying FCOMs for fun (to each his own, I guess); (c) has followed and read this thread from the start.
What I cannot do is add new theories or uncover any new facts the actual experts have not already thought of. However, since summarizing and structuring information is one thing lawyers tend to regularly do (and sometimes even do well), here is my attempt at a useful contribution to this thread: an attempt to summarize the main theories discussed here since day one (which I think hasn't been done for quite some time) in the hope that a birds-eye view will be helpful to those who have not read everything since the beginning or might even trigger some new flash of inspiration for someone more knowledgable than me. I have focused on the cons since there does not seem to be enough evidence to come to any positive conclusion.
I shall try to be concise and to refrain from personal evaluations of my own. Of course, no disrespect whatsoever is intended towards all those who have contributed to this thread and to the individual theories, one or combinations of which may turn out to have led to this tragic outcome. That arguments can be made against every single theory that has been propagated seems to be the result of the highly improbable and unusual nature of this deplorable event and certainly not due to any lack of knowledge or reasoning skills in this forum.
DEAR MODS: If I have distorted anything or if, meaning well, should have achieved the opposite \x96 I guess you know where the delete button is\x85
Anyway, here goes:
A. Misconfiguration or wrong takeoff data
Widely refuted, since
Still brought up from time to time. However, widely disregarded due to
It should be pointed out that the question of "RAT in or out" was for a while the most contentious in this thread.
C. Low-altitude capture
Still argued, even if refuted by many since
Various possible reasons for this have been discussed:
I. Bird strike/FOD
Unclear which maintenance measures could possibly have been performed that would have resulted in simultaneous loss of both engines. No apparent relationships between malfunctions reported by previous passengers and essential systems.
IV. Large-scale electrical fault (e.g. due to water in E&E bay)
The engines will continue to run if electrical power is lost. FADECs are powered independently.
V. Shutdown of engines by TCMA
A parallel is drawn to the ANA incident. However, this would require not only a fault in the air/ground logic but also a sensed discrepancy between T/L position (not necessarily idle) and thrust output on both engines simultaneously.
VI. (Inadvertent) shutdown by flight crew
What I cannot do is add new theories or uncover any new facts the actual experts have not already thought of. However, since summarizing and structuring information is one thing lawyers tend to regularly do (and sometimes even do well), here is my attempt at a useful contribution to this thread: an attempt to summarize the main theories discussed here since day one (which I think hasn't been done for quite some time) in the hope that a birds-eye view will be helpful to those who have not read everything since the beginning or might even trigger some new flash of inspiration for someone more knowledgable than me. I have focused on the cons since there does not seem to be enough evidence to come to any positive conclusion.
I shall try to be concise and to refrain from personal evaluations of my own. Of course, no disrespect whatsoever is intended towards all those who have contributed to this thread and to the individual theories, one or combinations of which may turn out to have led to this tragic outcome. That arguments can be made against every single theory that has been propagated seems to be the result of the highly improbable and unusual nature of this deplorable event and certainly not due to any lack of knowledge or reasoning skills in this forum.
DEAR MODS: If I have distorted anything or if, meaning well, should have achieved the opposite \x96 I guess you know where the delete button is\x85
Anyway, here goes:
A. Misconfiguration or wrong takeoff data
Widely refuted, since
- rotation, takeoff and initial climb seem normal;
- likely extreme errors would have been required to have such tragic effect (the fuel tanks should have been only about half full, so not close to MTOW);
- there is strong evidence that at least some flaps were extended for takeoff (post-crash photo, perhaps also visible in video from behind)
Still brought up from time to time. However, widely disregarded due to
- the fact that with two working engines an inadvertent flap retraction should easily be recoverable, even with gear down;
- strong indications that hydraulic and electric power were lost (audible/visible indications of RAT extension, survivor statement, lack of engine noise, position of MLG bogies).
It should be pointed out that the question of "RAT in or out" was for a while the most contentious in this thread.
C. Low-altitude capture
Still argued, even if refuted by many since
- inconsistent with apparent loss of hydraulic/electric power;
- PF would have been flying manually (however, A/T reaction would have been unexpected for the PF);
- should have been recoverable (unless one assumes that the crew (a) remained unaware of the changed FMA annunciations although alerted by the unexpected FD commands; and (b) was so startled that an A/T thrust reduction was not noticed and corrected, even though the PF was apparently sufficiently alert not to follow the FD commands).
Various possible reasons for this have been discussed:
I. Bird strike/FOD
- Would have to have occurred simultaneously due to lack of rudder/aileron input indicating symmetric thrust.
- No remains/traces on runway, no visual indications (flocks of birds, flames, structural engine damage).
1. Loss of electric fuel pumps
Suction feed would have provided sufficient fuel pressure.
2. Fuel contamination
No other aircraft affected, no measures taken at airport. Simultaneous flameout due to contaminated fuel very unlikely.
3. Vapour lock
Unlikely to occur in this scenario. Even if (momentarily) no sufficient fuel pressure from the center tank, the engines would have been fed by the wing tanks.
III. Improper maintenance
Unclear which maintenance measures could possibly have been performed that would have resulted in simultaneous loss of both engines. No apparent relationships between malfunctions reported by previous passengers and essential systems.
IV. Large-scale electrical fault (e.g. due to water in E&E bay)
The engines will continue to run if electrical power is lost. FADECs are powered independently.
V. Shutdown of engines by TCMA
A parallel is drawn to the ANA incident. However, this would require not only a fault in the air/ground logic but also a sensed discrepancy between T/L position (not necessarily idle) and thrust output on both engines simultaneously.
VI. (Inadvertent) shutdown by flight crew
1. Spontaneous execution of memory items (fuel control switches OFF, then ON; deploy RAT) due to assumed engine malfunction
In contrast to mistakenly shutting down the wrong engine after having correctly diagnosed the problem as per SOP, this would require not only a simple error in execution but a counter-intuitive unilateral action immediately after takeoff against basic principles of SOP or CRM.
2. No indications whatsoever of an intentional shutdown for nefarious reasons
(Would also be inconsistent with the content of the alleged mayday call.)
VII.
Malfunction/mishandling of the fuel cutoff switches (most recent)
1.
Wear or improper operation of the switches, so that they do not lock but can shift back into the OFF position.
Argued to be impossible due to robust switch design, preventing switch release in any other than a locked position.
Actuation of the switches by an item placed before them which was pushed onto the switches by retarding thrust levers seems equally unlikely due to force required to pull the switches out of the locked position.
Actuation of the switches by an item placed before them which was pushed onto the switches by retarding thrust levers seems equally unlikely due to force required to pull the switches out of the locked position.
2.
Spilled drink leading to short in the wiring
Hardly conceivable that before takeoff open liquid containers would be placed anywhere where they could spill onto the pedestal.
June 20, 2025, 00:36:00 GMT
permalink Post: 11906509
A good round-up of dominant themes, including this:
You may be at risk of assuming that the air/ground control logic is in some way hard-wired, as opposed to being a function of software. I don't believe we (yet) know this to be true.
We know there has been a bug in the Generator Control Unit software (an overflowing counter) that could lead to simultaneous shut down of all generators and a total loss of all AC power (the 248 days bug).
In the interests of completeness, we should perhaps also consider the possibility of some other previously-unknown software issue capable of creating an uncommanded dual engine shutdown. TCMS is the most likely candidate due to the deliberate separation of other systems from being able to achieve this outcome. The question then isn't whether there's some odd combination of input faults that would confuse TCMS into believing it were on the ground, but rather whether there's any way in which the software side could crash in such a way as to create an anomalous state within the system leading to engine failure. For instance, another overlooked software counter with an unwelcome failure mode.
Or even just a "dirty power supply" (cf all the reports of dodgy passenger-side electrics on this a/c) leading to spurious inputs and unexpected consequences.
Whatever is the cause will likely turn out to be have been a very low-probability event. But unless we have a TCMS expert who can state canonically that (say) the WoW sensor electrically disables TCMS when airborne (as opposed to merely being an input to the TCMS logic) then we cannot say with certainty that multiple inputs would have to have failed / been corrupted in order to reach the end state of this flight.
We know there has been a bug in the Generator Control Unit software (an overflowing counter) that could lead to simultaneous shut down of all generators and a total loss of all AC power (the 248 days bug).
In the interests of completeness, we should perhaps also consider the possibility of some other previously-unknown software issue capable of creating an uncommanded dual engine shutdown. TCMS is the most likely candidate due to the deliberate separation of other systems from being able to achieve this outcome. The question then isn't whether there's some odd combination of input faults that would confuse TCMS into believing it were on the ground, but rather whether there's any way in which the software side could crash in such a way as to create an anomalous state within the system leading to engine failure. For instance, another overlooked software counter with an unwelcome failure mode.
Or even just a "dirty power supply" (cf all the reports of dodgy passenger-side electrics on this a/c) leading to spurious inputs and unexpected consequences.
Whatever is the cause will likely turn out to be have been a very low-probability event. But unless we have a TCMS expert who can state canonically that (say) the WoW sensor electrically disables TCMS when airborne (as opposed to merely being an input to the TCMS logic) then we cannot say with certainty that multiple inputs would have to have failed / been corrupted in order to reach the end state of this flight.
June 20, 2025, 01:02:00 GMT
permalink Post: 11906517
It is very, very, very close:
Both engines failed: yup, both engines have failed.
Triple hydraulic pressure low: either you've been hit by a SAM/uncontained engine failure causing massive fluid leaks, or both engine driven pumps have failed (likely because the engines have failed) and all four electric pumps have failed (because the engines have failed).
Loss of all electric power to flight instruments both sides: total AC electric loss, and I think battery/static inverter too? Given four generators and four buses, either massive electrical failure (swimming pool in E&E bay) or engines have failed. Note failure of an individual contactor that can tie two buses together should not cause a quad-bus outage.
Loss of all four electric motor pumps: total AC failure, see above.
Both engines failed: yup, both engines have failed.
Triple hydraulic pressure low: either you've been hit by a SAM/uncontained engine failure causing massive fluid leaks, or both engine driven pumps have failed (likely because the engines have failed) and all four electric pumps have failed (because the engines have failed).
Loss of all electric power to flight instruments both sides: total AC electric loss, and I think battery/static inverter too? Given four generators and four buses, either massive electrical failure (swimming pool in E&E bay) or engines have failed. Note failure of an individual contactor that can tie two buses together should not cause a quad-bus outage.
Loss of all four electric motor pumps: total AC failure, see above.
June 20, 2025, 01:13:00 GMT
permalink Post: 11906520
It is very, very, very close:
Both engines failed: yup, both engines have failed.
Triple hydraulic pressure low: either you've been hit by a SAM/uncontained engine failure causing massive fluid leaks, or both engine driven pumps have failed (likely because the engines have failed) and all four electric pumps have failed (because the engines have failed).
Loss of all electric power to flight instruments both sides: total AC electric loss, and I think battery/static inverter too? Given four generators and four buses, either massive electrical failure (swimming pool in E&E bay) or engines have failed. Note failure of an individual contactor that can tie two buses together should not cause a quad-bus outage.
Loss of all four electric motor pumps: total AC failure, see above.
Both engines failed: yup, both engines have failed.
Triple hydraulic pressure low: either you've been hit by a SAM/uncontained engine failure causing massive fluid leaks, or both engine driven pumps have failed (likely because the engines have failed) and all four electric pumps have failed (because the engines have failed).
Loss of all electric power to flight instruments both sides: total AC electric loss, and I think battery/static inverter too? Given four generators and four buses, either massive electrical failure (swimming pool in E&E bay) or engines have failed. Note failure of an individual contactor that can tie two buses together should not cause a quad-bus outage.
Loss of all four electric motor pumps: total AC failure, see above.
June 20, 2025, 01:15:00 GMT
permalink Post: 11906521
User989 thanks for a nice summary
I am at risk of turning into one of those folks who gets their mind locked on one possibility and keeps banging on about it but here goes;
If the authorities determined that the accident aircraft had been treated by maintenance for microbial growth in the fuel tanks within the last week or so, and they suspected that that procedure was carried out in a way that could result in fuel contamination, then that would explain
1/ No other aircraft being affected
2/ No measures taken at the airport
3/ No AD’s from the regulators
4/ No grounding of 787’s
5/ Flight profile
6/ Rat deployment etc etc
I agree with your statement that dual flameout due fuel contamination is very unlikely, but we ARE dealing with something that is very unlikely. I favour the theory because an error in treating the fuel is so predictably human and simple, and a dual engine failure being related to fuel is also a simple and obvious idea, and it satisfies all we know both about the aircraft’s behaviour, and the authorities behaviour post accident.
I posted a report earlier of a 787-8 powered by the same engine type have both engines roll back sub-idle within a minute of each other while airborne due to this, so we know it can happen in theory.
Now……I want to be clear that I’m not saying I think I know what happened, I’m an average Joe with my hands full just flying the line, but I am a bit surprised that the idea of ‘fuel contamination specific to that airframe’ doesn’t get discussed more on this thread.
Thanks again for the clear summary of discussion thus far.
I am at risk of turning into one of those folks who gets their mind locked on one possibility and keeps banging on about it but here goes;
2. Fuel contamination
No other aircraft affected, no measures taken at airport. Simultaneous flameout due to contaminated fuel very unlikely.
No other aircraft affected, no measures taken at airport. Simultaneous flameout due to contaminated fuel very unlikely.
1/ No other aircraft being affected
2/ No measures taken at the airport
3/ No AD’s from the regulators
4/ No grounding of 787’s
5/ Flight profile
6/ Rat deployment etc etc
I agree with your statement that dual flameout due fuel contamination is very unlikely, but we ARE dealing with something that is very unlikely. I favour the theory because an error in treating the fuel is so predictably human and simple, and a dual engine failure being related to fuel is also a simple and obvious idea, and it satisfies all we know both about the aircraft’s behaviour, and the authorities behaviour post accident.
I posted a report earlier of a 787-8 powered by the same engine type have both engines roll back sub-idle within a minute of each other while airborne due to this, so we know it can happen in theory.
Now……I want to be clear that I’m not saying I think I know what happened, I’m an average Joe with my hands full just flying the line, but I am a bit surprised that the idea of ‘fuel contamination specific to that airframe’ doesn’t get discussed more on this thread.
Thanks again for the clear summary of discussion thus far.
June 20, 2025, 01:22:00 GMT
permalink Post: 11906524
In the interests of completeness, we should perhaps also consider the possibility of some other previously-unknown software issue capable of creating an uncommanded dual engine shutdown. TCMS is the most likely candidate due to the deliberate separation of other systems from being able to achieve this outcome.
The question then isn't whether there's some odd combination of input faults that would confuse TCMS into believing it were on the ground, but rather whether there's any way in which the software side could crash in such a way as to create an anomalous state within the system leading to engine failure. For instance, another overlooked software counter with an unwelcome failure mode.
Whatever is the cause will likely turn out to be have been a very low-probability event. But unless we have a TCMS expert who can state canonically that (say) the WoW sensor electrically disables TCMS when airborne (as opposed to merely being an input to the TCMS logic) then we cannot say with certainty that multiple inputs would have to have failed / been corrupted in order to reach the end state of this flight.
June 20, 2025, 01:43:00 GMT
permalink Post: 11906532
User989 thanks for a nice summary
I am at risk of turning into one of those folks who gets their mind locked on one possibility and keeps banging on about it but here goes;
If the authorities determined that the accident aircraft had been treated by maintenance for microbial growth in the fuel tanks within the last week or so, and they suspected that that procedure was carried out in a way that could result in fuel contamination, then that would explain
1/ No other aircraft being affected
2/ No measures taken at the airport
3/ No AD\x92s from the regulators
4/ No grounding of 787\x92s
5/ Flight profile
6/ Rat deployment etc etc
I agree with your statement that dual flameout due fuel contamination is very unlikely, but we ARE dealing with something that is very unlikely. I favour the theory because an error in treating the fuel is so predictably human and simple, and a dual engine failure being related to fuel is also a simple and obvious idea, and it satisfies all we know both about the aircraft\x92s behaviour, and the authorities behaviour post accident.
I posted a report earlier of a 787-8 powered by the same engine type have both engines roll back sub-idle within a minute of each other while airborne due to this, so we know it can happen in theory.
Now\x85\x85I want to be clear that I\x92m not saying I think I know what happened, I\x92m an average Joe with my hands full just flying the line, but I am a bit surprised that the idea of \x91fuel contamination specific to that airframe\x92 doesn\x92t get discussed more on this thread.
Thanks again for the clear summary of discussion thus far.
I am at risk of turning into one of those folks who gets their mind locked on one possibility and keeps banging on about it but here goes;
If the authorities determined that the accident aircraft had been treated by maintenance for microbial growth in the fuel tanks within the last week or so, and they suspected that that procedure was carried out in a way that could result in fuel contamination, then that would explain
1/ No other aircraft being affected
2/ No measures taken at the airport
3/ No AD\x92s from the regulators
4/ No grounding of 787\x92s
5/ Flight profile
6/ Rat deployment etc etc
I agree with your statement that dual flameout due fuel contamination is very unlikely, but we ARE dealing with something that is very unlikely. I favour the theory because an error in treating the fuel is so predictably human and simple, and a dual engine failure being related to fuel is also a simple and obvious idea, and it satisfies all we know both about the aircraft\x92s behaviour, and the authorities behaviour post accident.
I posted a report earlier of a 787-8 powered by the same engine type have both engines roll back sub-idle within a minute of each other while airborne due to this, so we know it can happen in theory.
Now\x85\x85I want to be clear that I\x92m not saying I think I know what happened, I\x92m an average Joe with my hands full just flying the line, but I am a bit surprised that the idea of \x91fuel contamination specific to that airframe\x92 doesn\x92t get discussed more on this thread.
Thanks again for the clear summary of discussion thus far.
Last edited by Pinkman; 20th June 2025 at 02:32 .
June 20, 2025, 03:43:00 GMT
permalink Post: 11906564
Reuters
:
No less relevant to the discussion than any other reason for a dual engine failure. What is clear is that after take-off there was insufficient thrust to keep the aircraft in the air. Jetstar had a dual engine rollback to idle on descent with the final report indicating that it was biocide treatment in the fuel that led to the rollback. As has been stated, If there is fuel in the center tank then thats where the fuel will be drawn from for takeoff. If that fuel is contaminated then it would explain why both engines suffered a simultaneous loss of thrust.
June 20, 2025, 04:57:00 GMT
permalink Post: 11906593
Just so I have this clear, are you saying that the implementation of the TCMA functionality involved
no
new components being added to the pre-existing FADEC? Are you saying, in effect, that the two switch relays described in the TCMA patent application, which relays and their configuration achieves the described two channel redundancy, were already there as components or are mere depictions of what the software does itself?
I am not suggesting you are wrong and, as I've said before, the descriptions and schematic in the patent application are just 'big hands / small maps' concepts. However, if TCMA functionality "is simply a bit of software in the FADECs", merely sending a 1 or 0 or other signal into a point in the pre-existing FADEC that already had control over fuel cutoff (with the TCMA software merely monitoring data busses, rather than direct sensor outputs, to work out thrust lever position and whether or not the aircraft is 'on the ground' for TCMA purposes) I for one would really like to know that for sure and get my head around the implications.
I am not suggesting you are wrong and, as I've said before, the descriptions and schematic in the patent application are just 'big hands / small maps' concepts. However, if TCMA functionality "is simply a bit of software in the FADECs", merely sending a 1 or 0 or other signal into a point in the pre-existing FADEC that already had control over fuel cutoff (with the TCMA software merely monitoring data busses, rather than direct sensor outputs, to work out thrust lever position and whether or not the aircraft is 'on the ground' for TCMA purposes) I for one would really like to know that for sure and get my head around the implications.
That is the implication I have heard all along, particularly from tdracer's posts.
It uses existing thrust-lever-angle inputs, existing N1 inputs, and (presumably) existing WoW inputs, does software stuff inside the ECU, and if necessary uses the existing overspeed cutout outputs to stop the engine.
It uses existing thrust-lever-angle inputs, existing N1 inputs, and (presumably) existing WoW inputs, does software stuff inside the ECU, and if necessary uses the existing overspeed cutout outputs to stop the engine.
The air/ground signal would've already been present as well. It would be needed for switching between ground idle, flight idle, and approach idle. Tdracer has discussed that as well, in past threads.
June 20, 2025, 04:57:00 GMT
permalink Post: 11906594
The Indian Express is carrying a story (
https://indianexpress.com/article/ci...lues-10077117/
) that includes the following:"Investigators probing the June 12
crash of Air India flight AI-171 from Ahmedabad to London Gatwick
are taking a close look at a February 2020 incident in Gatwick, involving an Airbus A321, in which both engines malfunctioned immediately after takeoff. It led to a Mayday call before the aircraft returned to Gatwick 11 minutes later after a turnaround." ...
..."it was \x93clear from visual observation and wreckage\x94 that the flight suffered a power failure." ...
..."The black boxes and the DVR have been recovered but the officer said that the devices were damaged and file extraction would \x93be a complicated process\x94." ...
... "We will check the technical logs to see if any of the engineering teams or pilots of the previous flight left comments on the performance of both engines"
Assuming there is some credence to the article, dual engine failure due to water contamination is the leading theory. It certainly fits much of the speculation in this thread. It may be that the flight data was not captured and much more reliance will be on forensic examination of the CCTV footage and the wreckage. Those waiting for the flight data to be published may be disappointed.
If the original CCTV footage was made available, together with a detailed survey map of the airport, it will be possible to accurately estimate the takeoff speed and altitude during all the critical periods. My guess is thrust was reduced or lost very early and perhaps before the aircraft left the tarmac. Then shortly after becoming airborne, power was lost resulting in the deployment of the RAT. It is doubtful that the pilots shut down the engines or the wrong engine. Likewise flap/slat misconfiguration is unlikely.
..."it was \x93clear from visual observation and wreckage\x94 that the flight suffered a power failure." ...
..."The black boxes and the DVR have been recovered but the officer said that the devices were damaged and file extraction would \x93be a complicated process\x94." ...
... "We will check the technical logs to see if any of the engineering teams or pilots of the previous flight left comments on the performance of both engines"
Assuming there is some credence to the article, dual engine failure due to water contamination is the leading theory. It certainly fits much of the speculation in this thread. It may be that the flight data was not captured and much more reliance will be on forensic examination of the CCTV footage and the wreckage. Those waiting for the flight data to be published may be disappointed.
If the original CCTV footage was made available, together with a detailed survey map of the airport, it will be possible to accurately estimate the takeoff speed and altitude during all the critical periods. My guess is thrust was reduced or lost very early and perhaps before the aircraft left the tarmac. Then shortly after becoming airborne, power was lost resulting in the deployment of the RAT. It is doubtful that the pilots shut down the engines or the wrong engine. Likewise flap/slat misconfiguration is unlikely.