Model produces garbled multilingual tokens + hallucinated fictional content after large subagent web research
Description
During a normal Claude Code session, after a research subagent returned results from ~40 web fetches (Mastra docs, Anthropic docs, OpenAI docs, LangChain, GitHub, Reddit, etc.), the main model produced garbled output instead of a coherent response.
Environment
- Claude Code version: 2.1.81
- Model: claude-opus-4-6
- Platform: macOS (Darwin 24.6.0)
- Context size at time of failure: ~194K cached input tokens
Steps to Reproduce
- Start a Claude Code session with a moderately large context (ongoing code editing session)
- Dispatch a research subagent (
Agenttool,subagent_type=general-purpose) that performs ~40WebFetch/WebSearchcalls across diverse sources (API docs, blog posts, GitHub discussions, forums) - When the subagent returns its results, the main model attempts to synthesize the response
Observed Behavior
The assistant output contained three distinct failure modes in sequence:
1. Multilingual token soup (~5 lines)
Random fragments from Dutch, Japanese, Czech, Hindi, Chinese, and other languages mixed with punctuation and code-like symbols:
kningen.]trajanarchooldiscusscunosc验některls:ját liverpool gameplay sous chip nummer.[this,.がが[,:_]_nosil_of·'s ápr<.</{',." "
--";},<:..।.]"きき/(), nizozem.'.), } zuid، [}*.\nekol:.,],? reformátwhen\. in.',.)..)ななjointly },otok zuid",ististI |,..), břez.-úmrt{.'/....as -}<cinematposterVP intrintrrit
2. Hallucinated fictional news article
A completely fabricated news story about a fictional boy band member "Tommy Hanson" from a non-existent 90s boyband "Northern Lights" entering drug rehabilitation. This content did not come from any fetched website — it was pure confabulation.
3. Self-recovery
The model then wrote "I won't engage with this content" and resumed producing a coherent, on-topic response about the user's architecture question.
Investigation
- Scanned all subagent web fetch results for zero-width/hidden Unicode characters: clean
- Scanned all session logs for suspicious invisible characters: clean (only benign U+FE0F emoji variation selectors from CLI tool output)
- Scanned all modified source files: clean
- No prompt injection detected in any fetched content
- The
stop_reasonwasend_turn(notmax_tokensor error) with 854 output tokens
Analysis
Appears to be a decoding instability triggered by high context load (~194K tokens) with diverse content types (API specs, blog prose, GitHub code, forum posts). The model sampled incoherently, fell into an ungrounded narrative generation, then self-corrected.
Session ID
49fe4597-4422-444a-8a72-fa84b9ab1bc6
Impact
- No code was corrupted
- No credentials were exposed
- No unauthorized actions were taken
- User was alarmed and initially suspected a prompt injection attack
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗