mheap corruption issue when following is configured:

sr policy add bsid db11::2 next db07::1 insert spray
sr policy mod add sl bsid db11::2 next db08::1
sr policy mod add sl bsid db11::2 next db09::1

This is due to how replicate_multipath_update is used in SR:

SR update_replicate > replicate_multipath_update
replicate_multipath_update (&sr_policy->bsid_dpo, b_path_vector);
and then does:
vec_free (b_path_vector);

ipv6 and ipv6 dpos are handled similarly. This leads to double free as replicate_multipath_update already frees the next hops:

replicate_multipath_update (const dpo_id_t *dpo,
load_balance_path_t * next_hops)
nhs = replicate_multipath_next_hop_fixup(next_hops,
rep->rep_proto); << nhs is really still next_hops vec.
vec_free(nhs);