Tool response token leakage #17

New issue

Closed

opened 2026-05-04 23:06:34 +02:00 by sleepy · 3 comments

sleepy commented 2026-05-04 23:06:34 +02:00 (Migrated from localhost:18431)

Copy link

Describe the bug
The model writes "user" sometimes and almost always "<tool_response>" right before a tool response when MTP is enabled. Best assumption is that the MTP heads expect a tool response and the main model accepts it.

To Reproduce
Steps to reproduce the behavior:
Just run it in a harness, it does it before almost every tool call.

Expected behavior
<tool_response> to not be generated, or at least stripped from context by the server. the leaking 'user' also suggests the regex around the content cleaning still needs work and doesn't capture all edge cases.

**Describe the bug** The model writes "user" sometimes and almost always "<tool_response>" right before a tool response when MTP is enabled. Best assumption is that the MTP heads expect a tool response and the main model accepts it. **To Reproduce** Steps to reproduce the behavior: Just run it in a harness, it does it before almost every tool call. **Expected behavior** <tool_response> to not be generated, or at least stripped from context by the server. the leaking 'user' also suggests the regex around the content cleaning still needs work and doesn't capture all edge cases.

sleepy commented 2026-05-09 23:28:35 +02:00

Owner

Copy link

Cross-reference: with q4 KV quant enabled, the model stops before tool calls entirely (see #48). This suggests cache corruption may be preventing the model from reaching the tool call generation phase, which would mask any token leakage symptoms. If the model never generates a tool response, the <tool_response> leakage cannot occur.

If #48 is resolved and tool calls resume but token leakage reappears, this issue should be revisited.

Cross-reference: with q4 KV quant enabled, the model stops before tool calls entirely (see #48). This suggests cache corruption may be preventing the model from reaching the tool call generation phase, which would mask any token leakage symptoms. If the model never generates a tool response, the <tool_response> leakage cannot occur. If #48 is resolved and tool calls resume but token leakage reappears, this issue should be revisited.

sleepy referenced this issue 2026-05-14 23:29:42 +02:00

[bug] Tool response token leakage (#17 reopen) #56

sleepy commented 2026-05-15 01:50:13 +02:00

Owner

Copy link

Related fix: PR #60 (issue #54) trims stop tokens from MTP output. The EOS leak fix ensures <|im_end|> no longer appears in output. However, the leaking of structural tokens like user/assistant markers is a different issue — these are not stop tokens but are generated by MTP speculative heads. This needs server-level tool calling tests to verify. Keeping open for now.

Related fix: PR #60 (issue #54) trims stop tokens from MTP output. The EOS leak fix ensures <|im_end|> no longer appears in output. However, the leaking of structural tokens like user/assistant markers is a different issue — these are not stop tokens but are generated by MTP speculative heads. This needs server-level tool calling tests to verify. Keeping open for now.

sleepy commented 2026-05-15 18:32:01 +02:00

Owner

Copy link

Closing as duplicate of #56, which was fixed via PR #63 (output parser integration into MTP step).

Closing as duplicate of #56, which was fixed via PR #63 (output parser integration into MTP step).

sleepy closed this issue 2026-05-15 18:32:01 +02:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

fix/audit-kv-cache-issues

fix/110-ssd-version-cleanup

fix/109-batchquant-extend-padding

fix/108-hot-cache-size

fix/107-prefix-index-prune

fix/106-infer-quant-head-dim

fix/111-duplicate-assignment

fix/105-streamquant-nbytes

fix/104-q4-graceful-fallback

fix/103-prefix-offset-streamquant

fix/95-abort-store-future-leak

fix/91-sync-clear-kernel-panic

fix/90-ssd-write-race-condition

fix/89-lru-eviction-rotate

fix/93-batchquant-on2-expansion

fix/94-streamquant-sliceable

fix/92-q4-gqa-broadcast-shape

fix/74-sha256-overkill

fix/70-reconstruct-quantized-cache

fix/71-throttle-sync-clear

fix/76-qkv-bits-race

fix/68-batched-decode-dequant

fix/77-empty-slice-layers

fix/75-assert-to-raise

fix/73-evictable-blocks-sort

fix/72-vmstat-overhead

fix/69-hot-cache-size-calculation

fix/67-batch-extend-truncation

fix/sized-arrays-cache-batching

stable/pre-q4kv

stable-pre-q4kv

v0.3.8

v0.3.8rc2

v0.3.8rc1

v0.3.8.dev3

v0.3.8.dev1

v0.3.7

v0.3.7rc2

v0.3.7rc1

v0.3.6

v0.3.5

v0.3.5-rc1

v0.3.5.dev1

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.3.0rc1

v0.2.24

v0.2.24.dev2

v0.2.23

v0.2.22

v0.2.21

v0.2.20

v0.2.20rc1

v0.2.20.dev3

v0.2.20.dev2

v0.2.20.dev1

v0.2.19

v0.2.19.dev3

v0.2.19.dev2

v0.2.19.dev1

v0.2.18

v0.2.17

v0.2.15

v0.2.14

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3.post4

v0.2.3.post3

v0.2.3.post2

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.15

v0.1.14.post4

v0.1.14.post3

v0.1.14.post2

v0.1.14.post1

v0.1.14

v0.1.13

v0.1.12

v0.1.11

v0.1.10

v0.1.9

v0.1.8d

v0.1.8c

v0.1.8b

v0.1.8

v0.1.7

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

bug

Something is not working

  

feature

New feature or request

No labels

bug

feature

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

sleepy/omlx#17

No description provided.