This bug is caused by the i2c hardware write routine in
the bttv driver. It can't handle writing a zero length
message to an i2c address.
The kernel shouldn't oops on that, but I think zero-length
writes are not allowed. At least the bt878 can't do that in
hardware and the specs say:
"An I2C write transaction consists of sending a
START signal, 2 or 3 bytes of data ... "
(the "2 or 3 bytes" include the i2c address, i.e. that
means 1 or 2 data bytes).
I can catch zero-length writes and return -EINVAL, would that help?
:) yes, - in any case the i2c driver should never hang just because
somebody passed invalid messages...