Skip to content

[Bug]: [Parser] Streaming tool-call args silently truncated when non-string schema field is coerced at flush time #48702

Description

@muhammadfawaz1

Your current environment

The output of python collect_env.py
Collecting environment information...
==============================
        System Info
==============================
OS                           : Ubuntu 24.04.3 LTS (x86_64)
GCC version                  : (Ubuntu 13.3.0-6ubuntu2~24.04.1) 13.3.0
Clang version                : Could not collect
CMake version                : Could not collect
Libc version                 : glibc-2.39
 
==============================
       PyTorch Info
==============================
PyTorch version              : 2.12.1+cpu
Is debug build               : False
CUDA used to build PyTorch   : None
ROCM used to build PyTorch   : N/A
XPU used to build PyTorch    : N/A
 
==============================
      Python Environment
==============================
Python version               : 3.12.3 (main, Jun 19 2026, 12:46:00) [GCC 13.3.0] (64-bit runtime)
Python platform              : Linux-6.17.0-35-generic-x86_64-with-glibc2.39

 
==============================
          CPU Info
==============================
Architecture:                            x86_64
CPU op-mode(s):                          32-bit, 64-bit
Address sizes:                           39 bits physical, 48 bits virtual
Byte Order:                              Little Endian
CPU(s):                                  8
On-line CPU(s) list:                     0-7
Vendor ID:                               GenuineIntel
Model name:                              11th Gen Intel(R) Core(TM) i5-1145G7 @ 2.60GHz
CPU family:                              6
Model:                                   140
Thread(s) per core:                      2
Core(s) per socket:                      4
Socket(s):                               1
Stepping:                                1
CPU(s) scaling MHz:                      21%
CPU max MHz:                             4400.0000
CPU min MHz:                             400.0000
BogoMIPS:                                2995.20
Flags:                                   fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb cat_l2 cdp_l2 ssbd ibrs ibpb stibp ibrs_enhanced tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid rdt_a avx512f avx512dq rdseed adx smap avx512ifma clflushopt clwb intel_pt avx512cd sha_ni avx512bw avx512vlxsaveopt xsavec xgetbv1 xsaves split_lock_detect user_shstk dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp hwp_pkg_req vnmi avx512vbmi umip pku ospke avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg avx512_vpopcntdq rdpid movdiri movdir64b fsrm avx512_vp2intersect md_clear ibt flush_l1d arch_capabilities
Virtualization:                          VT-x
L1d cache:                               192 KiB (4 instances)
L1i cache:                               128 KiB (4 instances)
L2 cache:                                5 MiB (4 instances)
L3 cache:                                8 MiB (1 instance)
NUMA node(s):                            1
NUMA node0 CPU(s):                       0-7
Vulnerability Gather data sampling:      Vulnerable
Vulnerability Ghostwrite:                Not affected
Vulnerability Indirect target selection: Mitigation; Aligned branch/return thunks
Vulnerability Itlb multihit:             Not affected
Vulnerability L1tf:                      Not affected
Vulnerability Mds:                       Not affected
Vulnerability Meltdown:                  Not affected
Vulnerability Mmio stale data:           Not affected
Vulnerability Old microcode:             Not affected
Vulnerability Reg file data sampling:    Not affected
Vulnerability Retbleed:                  Not affected
Vulnerability Spec rstack overflow:      Not affected
Vulnerability Spec store bypass:         Mitigation; Speculative Store Bypass disabled via prctl
Vulnerability Spectre v1:                Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2:                Mitigation; Enhanced / Automatic IBRS; IBPB conditional; PBRSB-eIBRS SW sequence; BHI SW loop, KVM SW loop
Vulnerability Srbds:                     Not affected
Vulnerability Tsa:                       Not affected
Vulnerability Tsx async abort:           Not affected
Vulnerability Vmscape:                   Not affected
 
==============================
Versions of relevant libraries
==============================
[pip3] numpy==2.3.5
[pip3] pyzmq==27.1.0
[pip3] torch==2.12.1+cpu
[pip3] transformers==5.12.1
[pip3] triton==3.7.1
[conda] Could not collect
 
==============================
         vLLM Info
==============================
ROCM Version                 : Could not collect
vLLM Version                 : 0.23.1rc1.dev878+g47513b91a (git sha: 47513b91a)
vLLM Build Flags:
  CUDA Archs: Not Set; ROCm: Disabled; XPU: Disabled
GPU Topology:
  Could not collect
 
==============================
     Environment Variables
==============================
PYTORCH_NVML_BASED_CUDA_CHECK=1
TORCHINDUCTOR_COMPILE_THREADS=1
TORCHINDUCTOR_CACHE_DIR=/tmp/torchinductor_

🐛 Describe the bug

Body:

Summary

When a schema-typed non-string field (integer/boolean/null) is streamed by the model as a quoted string (e.g. "42" instead of 42), _fix_arg_types correctly coerces it to the proper type at flush time — but this changes the already-streamed text, breaking the startswith prefix invariant _flush_arg_converter relies on. When that invariant breaks, _flush_arg_converter silently returns None, dropping all remaining arguments including the closing }, with no error or log line. The client is left with truncated, invalid JSON.

Root cause

vllm/parser/engine/parser_engine.py, _flush_arg_converter (~line 981-982):

if len(final_json) > len(prev):
    ...
if prev and not final_json.startswith(prev):
    return None

Type coercion typically shrinks the JSON (removing quote characters). final_json ends up the same length or shorter than prev, the guard fails, and the function silently drops the remainder instead of emitting the corrected content.

PR #46351 (merged) added string_keys-based handling to _safe_arg_prefix, letting trailing string-typed values stream incrementally. It's a related but different sub-problem — it doesn't address middle (comma-terminated) non-string field values, which remain eligible to break the invariant.

Reproduction

Deterministically reproducible with a converter that cannot parse partial JSON (identity/passthrough, or Qwen3 XML), by streaming a non-string middle field as a quoted string before the JSON closes:

chunks = ['{"count": "42", "label": "o', 'k"}']

See the added regression tests in TestCoercionInstabilityRegression (tests/parser/engine/test_parser_engine.py) for exact byte-level reproductions across integer, boolean, null coercion, and a Qwen3 XML case. Each is verified to fail on current main and pass with the proposed fix.

Proposed fix

In _safe_arg_prefix, during the character scan, record the position where any non-string-typed key's value begins (non_string_clip). Clip the returned prefix before that position — for both middle and trailing non-string values. This composes cleanly with #46351's string_keys handling rather than conflicting with it.

Trade-off

Non-string schema fields no longer stream progressively; they arrive as one chunk at flush, already coerced. Benchmarked: no latency regression — the fix causes an earlier return in _safe_arg_prefix, making the non-string path measurably faster than baseline.

Testing performed

  • 202 fuzz cases — all pass.
  • 3 wire formats (identity JSON, Qwen3 XML, DeepSeek DSML) — all pass. DeepSeek resolves types during streaming itself and is structurally unaffected.
  • Call-site audit: _safe_arg_prefix has exactly one production caller.
  • Full regression suite: 3,678/3,678 pass.
  • Live-server attempt: reproduction was also attempted against a running vLLM server (Qwen2.5-1.5B/0.5B-Instruct, qwen3_xml parser) across ~45 real generations. The malformation did not occur spontaneously — consistent with guided/structured decoding constraining generated tokens to match the declared schema in this configuration, which mechanically prevents the model from emitting a wrongly-typed literal. The bug's precondition remains reachable wherever guided decoding is disabled, partial, or unavailable for a given converter — exactly what the added unit tests isolate and prove deterministically, independent of live reproducibility.

Not a duplicate of

Before submitting a new issue...

  • Make sure you already searched for relevant issues, and asked the chatbot living at the bottom right corner of the documentation page, which can answer lots of frequently asked questions.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions