
If this is a bug, it's a bug in the array cloning logic. It's easy to publish a reference to an incomplete data structure without a memory barrier before the assignment that publishes it - though x86/x64 platforms will save you by retiring writes in order [1]. You don't need to use the JDK to replicate this logic; you could write this code yourself. If it crashes the JVM, it's probably a violation of memory safety - it's not inconceivable that there's an exploit here, but at the very least it's a DoS vector for untrusted bytecode.

[1] See https://bartoszmilewski.com/2008/11/05/who-ordered-memory-fe... for a readable discussion about what x86/x64 does and doesn't do.
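The publication pattern discussed in the comment above, as an added Java example (not part of the original comment and not JDK code): a hand-written array copy published through a plain field next to the same copy published through a `volatile` field. The class, field and method names are hypothetical; `Thread.onSpinWait()` assumes Java 9 or later.

```java
import java.util.Arrays;

public class SafePublication {
    // Plain field: the Java Memory Model allows the reference store to become
    // visible to another thread before the element stores that filled the array.
    static int[] racy;
    // volatile field: the write acts as a release, the read as an acquire, so a
    // reader that sees the reference also sees every element written before it.
    static volatile int[] published;

    // Hand-written clone: allocate, fill, return. Publishing happens in the caller.
    static int[] copyOf(int[] src) {
        int[] dst = new int[src.length];
        for (int i = 0; i < src.length; i++) dst[i] = src[i];
        return dst;
    }

    static void publishRacy(int[] src) { racy = copyOf(src); }       // no barrier: shown for contrast only
    static void publishSafe(int[] src) { published = copyOf(src); }  // release store

    // Reader: wait for the reference, then count elements that do not hold the
    // expected value (a zero here would mean a half-built array was observed).
    static int countTorn(int expected) {
        int[] a;
        while ((a = published) == null) Thread.onSpinWait();
        int torn = 0;
        for (int v : a) if (v != expected) torn++;
        return torn;
    }

    // Repeats publish/consume across two threads and totals the torn reads.
    static int run(int rounds) throws InterruptedException {
        int[] src = new int[1024];          // constructed sample data
        Arrays.fill(src, 7);
        int torn = 0;
        for (int r = 0; r < rounds; r++) {
            published = null;
            int[] result = new int[1];
            Thread reader = new Thread(() -> result[0] = countTorn(7));
            reader.start();
            publishSafe(src);
            reader.join();                  // join makes result[0] visible here
            torn += result[0];
        }
        return torn;
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("torn elements seen: " + run(2000));
    }
}
```

With the `volatile` field the Java Memory Model guarantees the reader never observes an unfilled element; the plain-field variant carries no such guarantee, even on hardware where it happens to work.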


