My torrent client DHT implementation frequently receives KRPC dict messages with 4 extra bytes before the message dictionary. Here is an example:
d1\xba\x04
Following that, is a bencoded dict, d, the contents, and then e, per the specification.
It appears the dictionary following the 4 bytes seems to always contain a y of q, so they're presumably queries.
Maybe one in a 100000 packets received or so.
I wouldn't call that frequently.
But when it happens they arrive in a batch
You might want to look at the IPs they come from, based on my own data the batches you're seeing are probably from the same node retrying with the same crap that already failed the first time, so you can consider a batch as a single instance.
Anyway, you may also want to take a look at my answer to a related question. The gist is that there's nothing that guarantees that everyone is well-behaved and fault-free.
Considering that what you're seeing is not bencoding-conformant there is little reason to assume that the message is anything but garbage.