Dangerous loss of control after octocopter motor failure

I had a close call while flying an octocopter recently, and I’d like to share the flight log in case it’s helpful to me or others. I believe I’ve uncovered some problems in the way PX4 responds to motor failures, but it’s also possible things could have gone better had I handled the situation differently, in which case I hope someone can guide me so I can be better prepared in future.

The root cause was loss of a motor (Output 7 in the telemetry data), after its four threadlocked screws worked themselves out at 80m altitude. Obviously I’ll take care to use better threadlock and mark screws to show up any movement in preflight checks, and would recommend anyone to do the same.

From a software perspective, the flight controller initially appeared to handle the loss very well. It maintained stability and began to descend, as the failsafe was programmed to do. However, this was accompanied by a total loss of horizontal control. Rather than descending in place, it began to drift in the wind, which was quite strong that day, and did not respond to my stick inputs. It ended up landing hard in an adjacent field, around 150m away from where the trouble first began, breaking a leg on impact but with no other harm done.

I’ve spent some time looking at the flight data, and this is my best guess at the reason for the loss of control:

After the motor is lost, the opposite motor has to throttle down to maintain balance, and the remaining motors work hard to take up the slack. Available thrust is reduced dramatically, and the drone begins to sink. As the Z position begins to depart from its setpoint (39:09), the thrust setpoint increases to 100% and stays there for most of the journey to the ground. At the same time, the drone begins to drift in the wind. It’s failing to hold position while it lands, and ignores stick inputs when I give them. Pitch and yaw setpoints remain at zero, indicating the FC is making no effort to change its XY position.

It’s as though the FC prioritises the vertical component of the demand position over the XY position, to the extent that a drone without enough thrust to stay airborne will have zero lateral control. If this is the case, should this behaviour be reconsidered from a safety perspective? If a drone is going down, better to have it go down marginally faster but have some control over where it lands.

To be safer in future, I’d like to know: is position mode the wrong mode to use while recovering from a motor loss? Would another mode such as altitude or stabilised have allowed me to have more control over where the drone landed?