Tested with esp32-s3 on 5.3.2.241210.
If I run an example project with CONFIG_HEAP_POISONING_COMPREHENSIVE enabled, I consistently get crashes due to memory.
CORRUPT HEAP: Invalid data at 0x3fcbfaec. Expected 0xfefefefe got 0xfefefffe

If a call to heap_caps_malloc() or heap_caps_realloc() causes a crash because it was expected to find the pattern 0xFEFEFEFE in free memory and a different pattern was found, it indicates that the app has a use-after-free bug where it is writing to memory that has already been freed.

The code is basically the NimBLE_Client example with an onResult handler like so.

void onResult(const NimBLEAdvertisedDevice* adv) override {
        LOG_D("%s", advDevice.getAddress().toString().c_str());
        advDevice = *adv;
        pScan->stop();
        doConnect = true;
    }

Appears to have been introduced by 2151386.
I can upload an example project if it ends up not being reproducible for you.