TLDR: Kernel wrote memory back to a pointer provided by the user-mode program, as it was supposed to do. Unfortunately, it was a dangling pointer (Use-after-free)

When the Kernel does the memory write, user-mode memory debuggers don't see it happen.