Potentially Corrupted Weights for Vision Model

#11

by massaki75 - opened Nov 4, 2025

Nov 4, 2025

I downloaded the weights from https://huggingface.co/lion-ai/MedImageInsights/tree/main/2024.09.27/vision_model, and got the following issue when trying to load it in Python:

>>> p = '/workspace/weights/MedImageInsights/2024.09.27/vision_model/medimageinsigt-v1.0.0.pt'
>>> a = torch.load(p)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/workspace/envs/miniconda3/envs/med/lib/python3.11/site-packages/torch/serialization.py", line 1553, in load
    raise pickle.UnpicklingError(_get_wo_message(str(e))) from None
_pickle.UnpicklingError: Weights only load failed. In PyTorch 2.6, we changed the default value of the `weights_only` argument in `torch.load` from `False` to `True`. Re-running `torch.load` with `weights_only` set to `False` will likely succeed, but it can result in arbitrary code execution. Do it only if you got the file from a trusted source.
Please file an issue with the following so that we can make `weights_only=True` compatible with your use case: WeightsUnpickler error: Unsupported operand 16

Check the documentation of torch.load to learn more about types accepted by default with weights_only https://pytorch.org/docs/stable/generated/torch.load.html.

I then tried specifying weights_only=False, only to get:

>>> a = torch.load(p, weights_only=False)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/workspace/envs/miniconda3/envs/med/lib/python3.11/site-packages/torch/serialization.py", line 1554, in load
    return _legacy_load(
           ^^^^^^^^^^^^^
  File "/workspace/envs/miniconda3/envs/med/lib/python3.11/site-packages/torch/serialization.py", line 1802, in _legacy_load
    magic_number = pickle_module.load(f, **pickle_load_args)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
_pickle.UnpicklingError: invalid load key, '\x10'.

Did anybody know what's going on? I've tried re-downloading the weights but it didn't help.

I was using Python 3.11.13 [GCC 11.2.0] on linux, with pytorch '2.8.0+cu128' version.

massaki75

Nov 4, 2025

Just figured this out: the provided .pt file is safetensor-like and should be loaded using load_file (from safetensors.torch import load_file).

massaki75 changed discussion status to closed Nov 4, 2025

Upload images, audio, and videos by dragging in the text input, pasting, or clicking here.

Tap or paste here to upload images

· Sign up or log in to comment