This is easy to repro: just deploy the chrome build to a device. It'll immediately start crashing when trying to show the login screen.

This looks like the crash stack, caused by null ui::InputDeviceManager::GetInstance().

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 9380]
0x000055555a10a6fc in display::DisplayChangeObserver::OnDisplayModeChanged(std::__1::vector<display::DisplaySnapshot*, std::__1::allocator<display::DisplaySnapshot*> > const&) ()
(gdb) bt
#0  0x000055555a10a6fc in display::DisplayChangeObserver::OnDisplayModeChanged(std::__1::vector<display::DisplaySnapshot*, std::__1::allocator<display::DisplaySnapshot*> > const&)
    ()
#1  0x000055555a10f9b1 in display::DisplayConfigurator::NotifyDisplayStateObservers(bool, display::MultipleDisplayState) ()
#2  0x000055555a10df34 in display::DisplayConfigurator::OnConfigured(bool, std::__1::vector<display::DisplaySnapshot*, std::__1::allocator<display::DisplaySnapshot*> > const&, display::MultipleDisplayState, chromeos::DisplayPowerState) ()
#3  0x000055555a118279 in display::UpdateDisplayConfigurationTask::OnStateEntered(display::ConfigureDisplaysTask::Status) ()
#4  0x000055555a12e041 in display::ConfigureDisplaysTask::Run() ()
#5  0x000055555a12e35e in display::ConfigureDisplaysTask::OnConfigured(unsigned long, bool) ()
#6  0x00005555583a4e09 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) ()
#7  0x00005555583bfc27 in base::MessageLoop::RunTask(base::PendingTask*) ()
#8  0x00005555583c0148 in base::MessageLoop::DoWork() ()
#9  0x00005555583c13f9 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) ()
#10 0x00005555583e19e5 in base::RunLoop::Run() ()
#11 0x0000555556b72c61 in content::BrowserThreadImpl::IOThreadRun(base::RunLoop*) ()
#12 0x0000555556b72d49 in content::BrowserThreadImpl::Run(base::RunLoop*) ()
#13 0x000055555840a579 in base::Thread::ThreadMain() ()
#14 0x0000555558405aad in base::(anonymous namespace)::ThreadFunc(void*) ()
#15 0x00007ffff7bc22b8 in start_thread (arg=0x7fffe9601700) at pthread_create.c:333
#16 0x00007ffff6ceefad in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c04da47de2642ee0d9161985e9a30a0b1c615790

commit c04da47de2642ee0d9161985e9a30a0b1c615790
Author: Xiyuan Xia <xiyuan@chromium.org>
Date: Wed Jan 31 23:41:31 2018

Revert "Moves loading of local_state and field trials to early initialization"

This reverts commit a3aee722458ee66ade96e5dad31878e3570dea8f.

Reason for revert:
amd64-generic-tot-chromium-pfq-informational is unhappy and chrome crashes on start up.

https://luci-milo.appspot.com/buildbot/chromiumos.chromium/amd64-generic-tot-chromium-pfq-informational/15124

Bug:  807775 

Original change's description:
> Moves loading of local_state and field trials to early initialization
> 
> There are two motivations for this change:
> 1. In order to run a field trial for state setup in creating toolkit.
> 2. To have local state ready at the time ash is created.
> 
> In order to have field trial ready I need to load local state and
> everything it touches. This ended up including ResourceBundle (not
> really the ResourceBundle, but the ResourceBundle code is used to
> determine the locale, and the locale is needed by code related to
> metrics, specifically ChromeMetricsServiceClient::GetApplicationLocale).
> 
> As much of this code was previously created at a time when task runners
> were available I had to create a deferring task runner that queues up
> tasks and then flushes them when the real task runner is available.
> 
> I've tried to only move what is necessary and leave as mush
> initialization as possible in the place before this change.
> 
> You'll notice this creates g_browser_process early on. I explored not
> doing this, but it turns out very painful as instead some code then
> has to cache state that is later available in g_browser_process. The
> camel that broke the straws back was the application locale. See
> https://chromium-review.googlesource.com/c/chromium/src/+/853300 for
> the early approach.
> 
> BUG= 800358 
> 
> Change-Id: Ib9aaddfbc04a0f3937bf268dd2af770b3f6746e0
> Reviewed-on: https://chromium-review.googlesource.com/882558
> Commit-Queue: Scott Violet <sky@chromium.org>
> Reviewed-by: James Cook <jamescook@chromium.org>
> Reviewed-by: Mark Pearson <mpearson@chromium.org>
> Reviewed-by: Lei Zhang <thestig@chromium.org>
> Reviewed-by: Mark Mentovai <mark@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#533338}

TBR=jamescook@chromium.org,sky@chromium.org,mpearson@chromium.org,thestig@chromium.org,emaxx@chromium.org,mark@chromium.org

Change-Id: I45ebd756896f13659e4d3dddf8e70faae9723f31
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug:  800358 
Reviewed-on: https://chromium-review.googlesource.com/896483
Commit-Queue: Xiyuan Xia <xiyuan@chromium.org>
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#533472}
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/ash/shell/content/client/shell_browser_main_parts.cc
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/ash/test/ash_test_helper.cc
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/ash/window_manager_service.cc
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/base/deferred_sequenced_task_runner.cc
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/base/deferred_sequenced_task_runner.h
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chrome/browser/browser_process_impl.cc
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chrome/browser/browser_process_impl.h
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chrome/browser/browser_process_impl_unittest.cc
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chrome/browser/chrome_browser_main.cc
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chrome/browser/chrome_browser_main.h
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chrome/browser/chrome_browser_main_mac.mm
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chrome/browser/chromeos/chrome_browser_main_chromeos.h
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chrome/browser/chromeos/login/bluetooth_host_pairing_browsertest.cc
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chrome/browser/extensions/api/image_writer_private/image_writer_private_apitest.cc
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chrome/browser/metrics/chrome_metrics_services_manager_client.cc
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chrome/browser/metrics/chrome_metrics_services_manager_client.h
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chrome/browser/metrics/metrics_reporting_state_browsertest.cc
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chromeos/dbus/dbus_thread_manager.cc
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chromeos/dbus/dbus_thread_manager.h
[modify] https://crrev.com/c04da47de2642ee0d9161985e9a30a0b1c615790/chromeos/dbus/dbus_thread_manager_unittest.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/16304565fa4d774f25d832a9148068a431e09950

commit 16304565fa4d774f25d832a9148068a431e09950
Author: Xiyuan Xia <xiyuan@chromium.org>
Date: Thu Feb 01 16:56:22 2018

Revert "Moves loading of local_state and field trials to early initialization"

This reverts commit a3aee722458ee66ade96e5dad31878e3570dea8f.

Reason for revert:
amd64-generic-tot-chromium-pfq-informational is unhappy and chrome crashes on start up.

https://luci-milo.appspot.com/buildbot/chromiumos.chromium/amd64-generic-tot-chromium-pfq-informational/15124

Bug:  807775 

Original change's description:
> Moves loading of local_state and field trials to early initialization
> 
> There are two motivations for this change:
> 1. In order to run a field trial for state setup in creating toolkit.
> 2. To have local state ready at the time ash is created.
> 
> In order to have field trial ready I need to load local state and
> everything it touches. This ended up including ResourceBundle (not
> really the ResourceBundle, but the ResourceBundle code is used to
> determine the locale, and the locale is needed by code related to
> metrics, specifically ChromeMetricsServiceClient::GetApplicationLocale).
> 
> As much of this code was previously created at a time when task runners
> were available I had to create a deferring task runner that queues up
> tasks and then flushes them when the real task runner is available.
> 
> I've tried to only move what is necessary and leave as mush
> initialization as possible in the place before this change.
> 
> You'll notice this creates g_browser_process early on. I explored not
> doing this, but it turns out very painful as instead some code then
> has to cache state that is later available in g_browser_process. The
> camel that broke the straws back was the application locale. See
> https://chromium-review.googlesource.com/c/chromium/src/+/853300 for
> the early approach.
> 
> BUG= 800358 
> 
> Change-Id: Ib9aaddfbc04a0f3937bf268dd2af770b3f6746e0
> Reviewed-on: https://chromium-review.googlesource.com/882558
> Commit-Queue: Scott Violet <sky@chromium.org>
> Reviewed-by: James Cook <jamescook@chromium.org>
> Reviewed-by: Mark Pearson <mpearson@chromium.org>
> Reviewed-by: Lei Zhang <thestig@chromium.org>
> Reviewed-by: Mark Mentovai <mark@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#533338}

TBR=jamescook@chromium.org,sky@chromium.org,mpearson@chromium.org,thestig@chromium.org,emaxx@chromium.org,mark@chromium.org

Change-Id: I45ebd756896f13659e4d3dddf8e70faae9723f31
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug:  800358 
Reviewed-on: https://chromium-review.googlesource.com/896483
Commit-Queue: Xiyuan Xia <xiyuan@chromium.org>
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#533472}(cherry picked from commit c04da47de2642ee0d9161985e9a30a0b1c615790)
Reviewed-on: https://chromium-review.googlesource.com/897465
Cr-Commit-Position: refs/branch-heads/3336@{#3}
Cr-Branched-From: f9c9c93a13722b535707412b677f2cfb187fd17c-refs/heads/master@{#533409}
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/ash/shell/content/client/shell_browser_main_parts.cc
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/ash/test/ash_test_helper.cc
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/ash/window_manager_service.cc
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/base/deferred_sequenced_task_runner.cc
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/base/deferred_sequenced_task_runner.h
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chrome/browser/browser_process_impl.cc
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chrome/browser/browser_process_impl.h
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chrome/browser/browser_process_impl_unittest.cc
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chrome/browser/chrome_browser_main.cc
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chrome/browser/chrome_browser_main.h
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chrome/browser/chrome_browser_main_mac.mm
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chrome/browser/chromeos/chrome_browser_main_chromeos.cc
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chrome/browser/chromeos/chrome_browser_main_chromeos.h
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chrome/browser/chromeos/login/bluetooth_host_pairing_browsertest.cc
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chrome/browser/extensions/api/image_writer_private/image_writer_private_apitest.cc
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chrome/browser/metrics/chrome_metrics_services_manager_client.cc
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chrome/browser/metrics/chrome_metrics_services_manager_client.h
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chrome/browser/metrics/metrics_reporting_state_browsertest.cc
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chromeos/dbus/dbus_thread_manager.cc
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chromeos/dbus/dbus_thread_manager.h
[modify] https://crrev.com/16304565fa4d774f25d832a9148068a431e09950/chromeos/dbus/dbus_thread_manager_unittest.cc

Xiyuan's revert fixed this, so moving to fixed.

Issue 807812 has been merged into this issue.

Issue 807916 has been merged into this issue.