Comment 7 for bug 1596160

The immediate cause of this crash is that the guest is trying to write to the imx6.rom region, which (as the name suggests) is read-only, so your guest is probably misconfigured if it's doing that. However we shouldn't crash.

The bug here is that the various imx boards call memory_region_init_rom_device() for the ROMs passing a NULL pointer for the 'ops' argument, which is always a bug. The right API for this is to call memory_region_init_ram() and then memory_region_set_readonly(). We should also assert in memory_region_rom_device() if the ops argument is NULL...