PyTorch Bug: Corrupted Tensors On Failed Storage Resizes

Hey everyone! Let's dive into a pretty tricky bug that's been spotted in the wild concerning PyTorch. We're talking about a situation where PyTorch tensor shape metadata updates can go wonky, especially when a storage resize operation fails. This can lead to corrupted tensors, which, as you can imagine, is a recipe for disaster, potentially causing segmentation faults or internal runtime errors when you try to use them later on. This issue specifically affects tensors that share storage with buffers that can't be resized, like NumPy arrays you might inject using set_().

The Nitty-Gritty of the Bug: What's Going Wrong?

So, picture this, guys: you're trying to resize a tensor, right? You call resize_() on it. Now, if this tensor happens to be sharing its underlying storage with something that's not supposed to be resized – think of a NumPy array that you've cleverly shoved into a PyTorch tensor using set_() – PyTorch should throw a fit. And it does! It correctly raises a RuntimeError with a message like: "Trying to resize storage that is not resizable." So far, so good, right?

However, here's where things get a bit dicey. The problem is that this operation isn't exception-safe. Before PyTorch even checks if the storage is resizable and throws that error, it's already gone ahead and updated the tensor's shape and stride metadata to reflect the new target size you asked for. This is super problematic because it means that even though the RuntimeError is caught (or maybe even if it causes a crash before you can catch it), the tensor is left in a really weird, corrupted state. We're calling it a "Zombie" tensor. Its tensor.shape might report a perfectly normal, albeit large, size, but its actual storage() is still empty – like, zero bytes empty!

• The Core Issue: The metadata (shape and stride) gets updated before the check for resizable storage fails. This creates a massive disconnect between what the tensor thinks it is and what its underlying memory actually is.

• Consequences: When you try to access this "Zombie" tensor later on – maybe you try to print it, or perform some operation on it – things go south fast. You're likely to hit a segmentation fault (a classic segfault, which usually means you've accessed memory you shouldn't have) or some other internal RuntimeError deep within PyTorch. This is because PyTorch is trying to work with a shape that implies a lot of data, but there's no data in the storage to back it up.

It's like having a blueprint for a mansion, but only having enough bricks to build a doghouse. When you try to build the mansion based on the blueprint, everything falls apart. This is precisely the kind of bug that can be super hard to debug because the error you see (the segfault or runtime error) happens after the initial, seemingly innocuous operation that caused the corruption.

Reproducing the Problem: A Minimal Example

To really nail down this bug, the team provided a minimal reproduction case that highlights the issue clearly. It's always super helpful when folks can distill a complex problem into a few lines of code, right? Let's break down what they did:

First, they create a storage that is explicitly not resizable and has zero bytes. How do they do this? By using torch.from_numpy(np.array([], dtype=np.int32)).untyped_storage(). What this does is take an empty NumPy array (which is inherently fixed in size once created) and get its underlying storage. Since the NumPy array has no data, its storage has zero bytes. Crucially, this storage is now marked as non-resizable.

Next, they create a brand new, empty PyTorch tensor: t = torch.tensor([], dtype=torch.int32). This tensor starts with an empty storage of its own. Then, the key step: they inject the non-resizable, zero-byte storage into this tensor using t.set_(locked_storage). At this point, t is a tensor pointing to zero bytes of non-resizable storage.

Now comes the moment of truth: they attempt to resize the tensor to a shape of (5, 5, 5) using t.resize_((5, 5, 5)). Here's what happens:

1. Expected Behavior: PyTorch should check the storage, see that it's locked and has zero bytes, and then correctly raise a RuntimeError without changing anything else. The tensor's shape should remain torch.Size([0]).
2. Actual Behavior: As the bug report states, PyTorch does raise a RuntimeError. But, before it does, it updates t.shape to torch.Size([5, 5, 5]). So, when the RuntimeError is caught (or even if it's not), the tensor t now has metadata saying it's a 5x5x5 tensor, but its underlying storage is still the original 0 bytes. This is the "Zombie" state we talked about!

To prove this corruption, they print the shape and storage size:

print(f"Shape: {t.shape}")       # Prints: torch.Size([5, 5, 5])
print(f"Storage: {t.untyped_storage().nbytes()}") # Prints: 0
print(t) # CRASH

As you can see, the shape says [5, 5, 5], but the storage is 0 bytes. And the print(t) line? That's where the fun really starts – it's likely to cause a crash, either a RuntimeError or a segmentation fault, because you're trying to access and display data that just isn't there.

Why This Matters: The Importance of Exception Safety

This bug really underscores the importance of strong exception guarantees in software development, especially in low-level libraries like PyTorch that deal with memory and computation. When an operation fails, you want to be sure that the system is left in a consistent state. In this case, the strong exception guarantee means that if resize_() fails, the tensor should be left exactly as it was before the call. Its shape and strides should remain unchanged.

What's happening here is a violation of that guarantee. The operation partially succeeds by updating the metadata, but fails to update the storage. This partial success leads to the corrupted state. The tensor is left in an invalid configuration: its shape claims it holds data, but its storage is empty and non-resizable. This inconsistency is what leads to downstream crashes when the program attempts to use the tensor as if it were valid.

Consider the implications, guys. If this happens deep inside a training loop or a complex data processing pipeline, it can be incredibly difficult to trace back to the original resize_() call. You might spend hours debugging memory errors or strange numerical outputs, only to find out it all started from this one subtle bug. It highlights the need for meticulous error handling and ensuring that all state changes are properly rolled back or handled atomically when exceptions occur.

Version Information: Context for the Bug

To help developers pinpoint and fix this issue, the environment and version details are crucial. Here’s what was provided:

• PyTorch Version: 2.9.0+cu126 (This indicates a potentially very recent or even future version of PyTorch, which makes it interesting that such a fundamental bug might be present).
• CUDA Version: 12.6 (The build was CUDA-enabled).
• OS: Ubuntu 22.04.4 LTS (A common Linux distribution).
• Python Version: 3.12.12 (A relatively new Python version).
• Key Libraries: GCC 11.4.0, CUDA runtime 12.5.82. Notably, CUDA is not available on the system where the test was run (Is CUDA available: False), but PyTorch was built with CUDA support.

This detailed information is super helpful. It tells us the specific build of PyTorch, the operating system it's running on, and the Python environment. This context is invaluable for anyone trying to reproduce the bug or develop a fix. For instance, knowing that PyTorch was built with CUDA but not used on the test machine might rule out certain GPU-specific issues, but it doesn't inherently change the logic of tensor resizing. The bug seems to stem from the core tensor manipulation logic, which is independent of whether CUDA is actively used at runtime.

Looking Ahead: The Path to a Solution

Fixing this bug likely involves ensuring that the tensor's shape and stride metadata are only updated after the storage resize operation has been confirmed to succeed. If the resize fails for any reason – like trying to resize non-resizable storage – the tensor's metadata should remain completely untouched. This aligns with the principle of the strong exception guarantee.

Developers will need to carefully examine the resize_() implementation within PyTorch's C++ backend (likely in c10/core/TensorImpl.h or similar) to ensure that the order of operations and error handling is robust. Catching the RuntimeError is only part of the solution; preventing the state change before the potential error occurs is the real fix.

For users encountering this, the immediate workaround is to avoid operations that combine non-resizable storage (like NumPy arrays via set_()) with tensor resizing. If you must resize, ensure your tensors are backed by PyTorch-allocated storage that is resizable.

This kind of issue, while potentially disruptive, is a great learning opportunity for all of us in the ML community about the critical nature of robust error handling in complex libraries. Keep an eye out for fixes in future PyTorch releases!