PyTorch FractionalMaxPool2d Inconsistent Results Vulnerability
Vulnerability
A vulnerability in PyTorch versions prior to 2.7.0 allows for inconsistent output when using the torch.nn.FractionalMaxPool2d component with torch.compile(). This issue can lead to silent incorrectness in deep learning model results, potentially causing harmful decision-making based on the flawed outputs.
Impact
Exploitation of this vulnerability results in deep learning models producing incorrect results, which can lead to misguided decisions based on these faulty outputs.
Reproduction
The vulnerability can be reproduced by creating a PyTorch model that includes a FractionalMaxPool2d layer. After compiling the model with torch.compile() and applying it to input data, the output can be compared to the expected results. The inconsistency can be observed when the model is compiled with the Inductor backend, particularly when using random number generation operations.
Remediation
Users can upgrade to PyTorch version 2.7.0 or later, where this vulnerability has been fixed.
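The version gate and the eager-versus-compiled comparison described above can be combined into one regression check. This is an added example, not code from the advisory or from PyTorch: the function names, layer sizes, input shape and tolerance are assumptions, as are the choice to set Inductor's fallback_random option so both runs draw the same random samples and the choice to treat 2.7.0 pre-release builds as affected.

```python
import re

FIXED = (2, 7, 0)  # first fixed release, per the advisory


def is_affected(version: str) -> bool:
    """True if a torch.__version__ string is older than the fixed release."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    release = tuple(int(p or 0) for p in m.group(1, 2, 3))
    suffix = m.group(4).split("+", 1)[0]  # drop local build tag such as +cu124
    if release != FIXED:
        return release < FIXED
    # Assumption: 2.7.0 pre-release/nightly builds (a0, rc1, .dev...) may predate the fix.
    return suffix != ""


def eager_vs_compiled(seed: int = 0, atol: float = 1e-6) -> bool:
    """True when eager and Inductor-compiled outputs of the same model agree."""
    import torch  # lazy import so is_affected() also works where torch is absent
    import torch._inductor.config as inductor_config

    # Assumption: use the eager RNG inside compiled code so one seed gives one set of samples.
    inductor_config.fallback_random = True
    model = torch.nn.Sequential(
        torch.nn.Conv2d(3, 8, kernel_size=3, padding=1),
        torch.nn.FractionalMaxPool2d(kernel_size=2, output_ratio=(0.5, 0.5)),
    ).eval()
    x = torch.randn(2, 3, 32, 32)  # constructed input
    compiled = torch.compile(model, backend="inductor")
    with torch.no_grad():
        torch.manual_seed(seed)  # reseed before each run so both see the same RNG state
        expected = model(x)
        torch.manual_seed(seed)
        actual = compiled(x)
    return expected.shape == actual.shape and torch.allclose(expected, actual, atol=atol)


if __name__ == "__main__":
    import torch

    print("affected version:", is_affected(torch.__version__))
    print("eager == compiled:", eager_vs_compiled())
```

Running the comparison in CI alongside the version gate catches a silently divergent compiled model even when the installed build reports a fixed version.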
