Weights only load failed In PyTorch 2.6 #8355
Description
[2025-02-18T15:24:11.855Z] ======================================================================
[2025-02-18T15:24:11.855Z] ERROR: test_pickling (tests.data.meta_tensor.test_meta_tensor.TestMetaTensor)
[2025-02-18T15:24:11.855Z] ----------------------------------------------------------------------
[2025-02-18T15:24:11.855Z] Traceback (most recent call last):
[2025-02-18T15:24:11.855Z] File "/tmp/tmp.1fErHx3AxH/tests/data/meta_tensor/test_meta_tensor.py", line 248, in test_pickling
[2025-02-18T15:24:11.855Z] m2 = torch.load(fname)
[2025-02-18T15:24:11.855Z] File "/usr/local/lib/python3.10/dist-packages/torch/serialization.py", line 1470, in load
[2025-02-18T15:24:11.855Z] raise pickle.UnpicklingError(_get_wo_message(str(e))) from None
[2025-02-18T15:24:11.855Z] _pickle.UnpicklingError: Weights only load failed. This file can still be loaded, to do so you have two options, do those steps only if you trust the source of the checkpoint.
[2025-02-18T15:24:11.855Z] (1) In PyTorch 2.6, we changed the default value of the `weights_only` argument in `torch.load` from `False` to `True`. Re-running `torch.load` with `weights_only` set to `False` will likely succeed, but it can result in arbitrary code execution. Do it only if you got the file from a trusted source.
[2025-02-18T15:24:11.855Z] (2) Alternatively, to load with `weights_only=True` please check the recommended steps in the following error message.
[2025-02-18T15:24:11.855Z] WeightsUnpickler error: Unsupported global: GLOBAL monai.utils.enums.MetaKeys was not an allowed global by default. Please use `torch.serialization.add_safe_globals([MetaKeys])` or the `torch.serialization.safe_globals([MetaKeys])` context manager to allowlist this global if you trust this class/function.
[2025-02-18T15:24:11.855Z]
[2025-02-18T15:24:11.855Z] Check the documentation of torch.load to learn more about types accepted by default with weights_only https://pytorch.org/docs/stable/generated/torch.load.html.
[2025-02-18T15:24:11.855Z]
[2025-02-18T15:24:11.855Z] ======================================================================
[2025-02-18T15:24:11.855Z] ERROR: test_state_cacher_1 (tests.utils.test_state_cacher.TestStateCacher)
[2025-02-18T15:24:11.855Z] ----------------------------------------------------------------------
[2025-02-18T15:24:11.855Z] Traceback (most recent call last):
[2025-02-18T15:24:11.855Z] File "/usr/local/lib/python3.10/dist-packages/parameterized/parameterized.py", line 620, in standalone_func
[2025-02-18T15:24:11.855Z] return func(*(a + p.args), **p.kwargs, **kw)
[2025-02-18T15:24:11.855Z] File "/tmp/tmp.1fErHx3AxH/tests/utils/test_state_cacher.py", line 51, in test_state_cacher
[2025-02-18T15:24:11.855Z] data_obj_restored = state_cacher.retrieve(key)
[2025-02-18T15:24:11.855Z] File "/usr/local/lib/python3.10/dist-packages/monai/utils/state_cacher.py", line 127, in retrieve
[2025-02-18T15:24:11.855Z] data_obj = torch.load(fn, map_location=lambda storage, location: storage)
[2025-02-18T15:24:11.855Z] File "/usr/local/lib/python3.10/dist-packages/torch/serialization.py", line 1470, in load
[2025-02-18T15:24:11.855Z] raise pickle.UnpicklingError(_get_wo_message(str(e))) from None
[2025-02-18T15:24:11.855Z] _pickle.UnpicklingError: Weights only load failed. In PyTorch 2.6, we changed the default value of the `weights_only` argument in `torch.load` from `False` to `True`. Re-running `torch.load` with `weights_only` set to `False` will likely succeed, but it can result in arbitrary code execution. Do it only if you got the file from a trusted source.
[2025-02-18T15:24:11.855Z] Please file an issue with the following so that we can make `weights_only=True` compatible with your use case: WeightsUnpickler error: Unsupported operand 149
[2025-02-18T15:24:11.855Z]
[2025-02-18T15:24:11.855Z] Check the documentation of torch.load to learn more about types accepted by default with weights_only https://pytorch.org/docs/stable/generated/torch.load.html.
Should consider updating to resolve these kind of issue.