Seg fault in round_int64_to_next_multiple_of()
On moria1, git 249f3a16
#0 0x00007f8412479625 in raise () from /lib64/libc.so.6
#1 0x00007f841247ae05 in abort () from /lib64/libc.so.6
#2 0x00007f8413caee1d in __subvdi3 ()
#3 0x00007f8413c5ddc0 in round_int64_to_next_multiple_of (number=72742,
divisor=1024) at src/common/util.c:523
#4 0x00007f8413b7d004 in rep_hist_format_hs_stats (now=1463682482)
at src/or/rephist.c:3074
#5 rep_hist_hs_stats_write (now=1463682482) at src/or/rephist.c:3122
#6 0x00007f8413b4b3f8 in write_stats_file_callback (now=1463682482,
options=0x7f84146c6880) at src/or/main.c:1761
#7 0x00007f8413b60ef0 in periodic_event_dispatch (fd=<value optimized out>,
what=<value optimized out>, data=0x7f8413f4b260) at src/or/periodic.c:52
#8 0x00007f841323cb44 in event_base_loop () from /usr/lib64/libevent-1.4.so.2
#9 0x00007f8413b48e2a in run_main_loop_once () at src/or/main.c:2548
#10 run_main_loop_until_done () at src/or/main.c:2592
#11 do_main_loop () at src/or/main.c:2520
#12 0x00007f8413b49ec5 in tor_main (argc=<value optimized out>,
argv=<value optimized out>) at src/or/main.c:3647
#13 0x00007f8413b45ec9 in main (argc=<value optimized out>,
argv=<value optimized out>) at src/or/tor_main.c:30
(gdb) up
#1 0x00007f841247ae05 in abort () from /lib64/libc.so.6
(gdb) up
#2 0x00007f8413caee1d in __subvdi3 ()
(gdb) up
#3 0x00007f8413c5ddc0 in round_int64_to_next_multiple_of (number=72742,
divisor=1024) at src/common/util.c:523
523 if (INT64_MAX - divisor + 1 < number)
Looks like it's in the "add noise when reporting the number of onion addresses it's seen" area.
I do have a couple of local patches applied to moria1, but "surely" they aren't interacting with this bug.