Incident: Fuel-Level Sensor Software Issue Leads to Harley-Davidson Motorcycle Recall

Published Date: 2014-04-25

Postmortem Analysis
Timeline
1. The software failure incident involving Harley-Davidson motorcycles came to light when an engineer ran out of fuel in January [26371].
2. The software failure incident involving Mazda vehicles was known about last summer [26371].
Therefore, the software failure incidents occurred in:
- January for the Harley-Davidson motorcycles
- Last summer for the Mazda vehicles
System
1. Fuel-level sensor software in Harley-Davidson motorcycles [26371]
2. Regenerative engine braking system software in Mazda 3 and Mazda 6 cars [26371]
Responsible Organization
1. Harley-Davidson was responsible for causing the software failure incident: the software for the fuel-level sensor had not been updated, so motorcycles could unexpectedly run out of fuel and stall [26371].
Impacted Organization
1. Harley-Davidson: its motorcycles were affected by a software issue with the fuel-level sensor that caused unexpected fuel depletion and stalling [26371].
Software Causes
1. Harley-Davidson motorcycles: an incorrect fuel-level reading. A suspension difference on the recalled models changed the angle of the fuel tank by approximately three degrees, which threw off the reading; the issue was addressed by updating the software for the fuel-level sensor [26371].
2. Mazda vehicles: a problem with the regenerative engine braking system. In heavy rain or deep puddles the generator belt may get wet and slip, causing the power control module to conclude that the energy storage capacitor has failed. The charging system is then stopped, leading to loss of steering assist and windshield wiper operation and, ultimately, the engine stopping [26371].
Non-software Causes
1. The Harley-Davidson motorcycle recall was caused by a suspension difference on the recalled models that changed the angle of the fuel tank, leading to an incorrect fuel-level reading [26371].
2. The Jaguar recall was due to a potential rear suspension failure: prolonged, aggressive driving with frequent lateral and braking force inputs could cause the rear toe link to separate from the rear subframe [26371].
3. Mazda's recall of certain vehicles was attributed to a problem with the regenerative engine braking system: in heavy rain or deep puddles the generator belt could get wet and slip, causing the power control module to conclude that the energy storage capacitor had failed [26371].
Impacts
1. In the Harley-Davidson motorcycles, a software issue produced an incorrect fuel-level reading, causing unexpected fuel depletion and stalling and leading to a recall of about 9,100 motorcycles [26371].
2. The Mazda recall was due to a software issue in the regenerative engine braking system: in heavy rain or deep puddles the generator belt could slip, causing the power control module to conclude that the energy storage capacitor had failed, resulting in loss of steering assist, windshield wiper operation, and engine shutdown [26371].
Preventions
1. Thorough testing during the software development phase, to detect anomalies in the fuel-level sensor software on the recalled models, could have prevented the incident [26371].
2. Comprehensive road load data testing, to identify potential issues with the software controlling the rear toe link in Jaguar vehicles, could have helped prevent the rear suspension failure incident [26371].
Fixes
1. Updating the software for the fuel-level sensor in the Harley-Davidson motorcycles [26371].
2. Addressing the problem with the regenerative engine braking system in the Mazda vehicles, possibly through software updates or modifications [26371].
References
1. National Highway Traffic Safety Administration website
2. Reports filed with the safety agency
3. Responses from Mazda
4. Reports filed with the agency by the automaker

Software Taxonomy of Faults

Category Option Rationale
Category: Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident in which Harley-Davidson's motorcycles ran out of fuel and stalled because of an incorrect fuel-level reading happened within one organization. The company learned of the problem when an engineer ran out of fuel; the resulting investigation concluded that a suspension difference on the recalled models caused the issue. Harley-Davidson stated that it would update the software for the fuel-level sensor to address it [26371].
(b) A software failure incident also happened at another organization: Mazda's vehicles experienced a problem with the regenerative engine braking system, where a wet generator belt caused the power control module to conclude that the energy storage capacitor had failed. Mazda faced questions as to why it had not recalled the vehicles sooner, since the company had known about the problem since last summer. The issue led to the charging system being stopped, potentially resulting in loss of steering assist, windshield wiper operation, and the engine stopping [26371].
Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) A design-phase failure is evident in the Harley-Davidson recall described in Article 26371. The company discovered that a suspension difference on the recalled models changed the angle of the fuel tank, causing an incorrect fuel-level reading. Harley-Davidson decided to update the software for the fuel-level sensor, indicating a failure introduced during system development.
(b) An operation-phase failure is highlighted in the Mazda recall discussed in Article 26371. Mazda is recalling vehicles because of a problem with the regenerative engine braking system: in heavy rain or deep puddles the generator belt may get wet and slip, leading the power control module to conclude that the energy storage capacitor has failed. If the driver ignores the associated warning light, the result can be loss of steering assist and windshield wiper operation and, eventually, the engine stopping. This failure is attributed to factors introduced by the operation or misuse of the system.
Category: Boundary (Internal/External)
Option: within_system
Rationale:
(a) The software failure incident behind the Harley-Davidson motorcycle recall was within the system. The issue was identified as a software problem with the fuel-level sensor: a suspension difference on the recalled models changed the angle of the fuel tank by approximately three degrees, leading to an incorrect fuel-level reading. Harley-Davidson stated that it would update the software for the fuel-level sensor to address this issue [26371].
(b) The software failure incident behind the Mazda recall was also within the system. Mazda identified a problem with the regenerative engine braking system: in heavy rain or deep puddles the generator belt may get wet and slip, causing the power control module to conclude that the energy storage capacitor has failed. The charging system is then stopped, resulting in loss of steering assist and windshield wiper operation and, eventually, the engine stopping. Mazda initially did not issue a recall, citing that the warning light would alert drivers, but eventually did so after pressure from safety officials [26371].
Category: Nature (Human/Non-human)
Option: non-human_actions
Rationale:
(a) Non-human actions: Harley-Davidson's fuel-level sensor software was found to be causing the issue in which the motorcycles could unexpectedly run out of fuel and stall. A suspension difference on the recalled models changed the angle of the fuel tank by approximately three degrees, leading to an incorrect fuel-level reading. The company decided to update the software for the fuel-level sensor to address this issue [26371].
(b) Human actions: Mazda's software issue with the regenerative engine braking system arose when the generator belt got wet and slipped in heavy rain or deep puddles. This could cause the power control module to conclude that the energy storage capacitor had failed, leading to the charging system being stopped. If the driver ignored the associated warning light, the result could be loss of steering assist, windshield wiper operation, and the engine stopping. Mazda initially did not issue a recall despite knowing about the problem since last summer, but eventually decided to do so after government safety officials in Japan insisted on it [26371].
Category: Dimension (Hardware/Software)
Option: hardware, software
Rationale:
(a) Software failure due to hardware: Harley-Davidson is recalling motorcycles because a suspension difference on the recalled models changed the angle of the fuel tank, causing an incorrect fuel-level reading. The company said it would update the software for the fuel-level sensor, indicating a hardware-related root cause addressed in software [26371].
(b) Software failure due to software: Mazda is recalling cars because of a problem with the regenerative engine braking system. The company stated that in heavy rain or deep puddles the generator belt may get wet and slip, causing the power control module to conclude that the energy storage capacitor has failed. This issue appears to be the software misinterpreting the situation and stopping the charging system [26371].
Category: Objective (Malicious/Non-malicious)
Option: non-malicious
Rationale:
(a) The articles do not mention any software failure incident involving malicious intent to harm the system [26371].
(b) The software failure incident described in the articles is non-malicious. Specifically, Mazda is recalling about 5,700 of its 2014 Mazda 3 and 2014-15 Mazda 6 cars because of a problem with the regenerative engine braking system. In heavy rain or deep puddles the generator belt may get wet and slip, causing the power control module to conclude that the energy storage capacitor has failed. This can stop the charging system, resulting in loss of steering assist and windshield wiper operation and, eventually, the engine stopping [26371].
Category: Intent (Poor/Accidental Decisions)
Option: accidental_decisions
Rationale:
(a) The article does not attribute the software failure incident to poor decisions. The recalls described for Harley-Davidson, Jaguar, and Mazda were due to mechanical or engineering issues: the fuel tank angle affecting the fuel-level reading, rear suspension failure, and a problem with the regenerative engine braking system [26371].
(b) The software failure incident behind the Mazda recall was due to a problem with the regenerative engine braking system. In heavy rain or deep puddles the generator belt may get wet and slip, causing the power control module to conclude that the energy storage capacitor has failed. This can stop the charging system, resulting in loss of steering assist and windshield wiper operation and, eventually, the engine stopping. Mazda initially did not issue a recall despite knowing about the problem since last summer, but eventually did so after government safety officials in Japan insisted on it [26371].
Category: Capability (Incompetence/Accidental)
Option: development_incompetence
Rationale:
(a) Development incompetence can be seen in Harley-Davidson's recall of motorcycles for a fuel sensor issue. The company discovered the problem when an engineer ran out of fuel; the investigation revealed that a suspension difference on the recalled models changed the angle of the fuel tank, causing an incorrect fuel-level reading. Harley-Davidson said it would update the software for the fuel-level sensor, indicating a failure related to development incompetence [26371].
(b) Accidental factors can be observed in Mazda's recall of vehicles for a problem with the regenerative engine braking system. In heavy rain or deep puddles the generator belt may get wet and slip, causing the power control module to conclude that the energy storage capacitor has failed. This accidental issue could drain the battery, resulting in loss of steering assist, windshield wiper operation, and engine operation [26371].
Category: Duration
Option: permanent, temporary
Rationale:
(a) The software failure incident in which Harley-Davidson motorcycles ran out of fuel and stalled was considered permanent. It was caused by a suspension difference on the recalled models that changed the angle of the fuel tank, leading to an incorrect fuel-level reading. Harley-Davidson addressed it by updating the software for the fuel-level sensor [26371].
(b) The software failure incident behind Mazda's recall of its 2014 Mazda 3 and 2014-15 Mazda 6 cars for a problem with the regenerative engine braking system was considered temporary. In heavy rain or deep puddles the generator belt could get wet and slip, causing the power control module to conclude that the energy storage capacitor had failed. The charging system would then be stopped, potentially resulting in loss of steering assist, windshield wiper operation, and the engine stopping. However, a warning light would illuminate to alert the driver [26371].
Category: Behaviour
Option: value, other
Rationale:
(a) crash: The article describes a software failure incident in Harley-Davidson motorcycles where the fuel-level sensor software produced an incorrect fuel-level reading, leading to unexpected fuel depletion and stalling [26371].
(b) omission: There is no specific mention of an omission failure in the provided articles.
(c) timing: There is no specific mention of a timing failure in the provided articles.
(d) value: The article discusses a software failure incident in Mazda vehicles where the regenerative engine braking system incorrectly concluded that the energy storage capacitor had failed after a wet generator belt slipped, leading to the charging system being stopped and potential loss of steering assist, windshield wiper operation, and engine operation [26371].
(e) byzantine: There is no specific mention of Byzantine behaviour in the provided articles.
(f) other: Another behaviour described in the articles is the charge air-cooler hose detachment in Jaguar vehicles with the 2-liter GTDi engine, which causes the engine to cut out without warning and results in a loss of power assist for steering and brakes [26371].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Category: Consequence
Option: harm, property, non-human, theoretical_consequence
Rationale:
(a) death: There were no reports of deaths related to the software failure incident [26371].
(b) harm: The Jaguar recall described a potential harm where "vehicle stability will be compromised and the degree of directional control minimized, significantly increasing the risk of an accident" due to a rear suspension failure [26371].
(c) basic: There were no reports of people's access to food or shelter being affected by the software failure incident [26371].
(d) property: The Mazda recall described a potential impact on people's material goods and safety: the engine could stop operating, resulting in loss of steering assist and windshield wiper operation [26371].
(e) delay: There were no reports of people having to postpone an activity because of the software failure incident [26371].
(f) non-human: The software failure incident affected non-human entities such as vehicles, where issues like the fuel tank angle affecting fuel-level readings and rear suspension failure were identified [26371].
(g) no_consequence: The software failure incident did have observed consequences, such as potential accidents and loss of vehicle control [26371].
(h) theoretical_consequence: The Mazda recall described a theoretical consequence in which the battery could be drained, resulting in loss of steering assist, windshield wiper operation, and engine operation [26371].
(i) other: No other consequences of the software failure incident were mentioned in the articles [26371].
Category: Domain
Option: transportation
Rationale:
(a) The software failure incident described in the articles belongs to the transportation industry. Specifically, Jaguar is recalling vehicles for potential rear suspension failure and for stalling caused by a detached charge air-cooler hose [26371].

Sources
