Seg fault in round_int64_to_next_multiple_of()

On moria1, git 249f3a16

#0  0x00007f8412479625 in raise () from /lib64/libc.so.6
#1  0x00007f841247ae05 in abort () from /lib64/libc.so.6
#2  0x00007f8413caee1d in __subvdi3 ()
#3  0x00007f8413c5ddc0 in round_int64_to_next_multiple_of (number=72742,
    divisor=1024) at src/common/util.c:523
#4  0x00007f8413b7d004 in rep_hist_format_hs_stats (now=1463682482)
    at src/or/rephist.c:3074
#5  rep_hist_hs_stats_write (now=1463682482) at src/or/rephist.c:3122
#6  0x00007f8413b4b3f8 in write_stats_file_callback (now=1463682482,
    options=0x7f84146c6880) at src/or/main.c:1761
#7  0x00007f8413b60ef0 in periodic_event_dispatch (fd=<value optimized out>,
    what=<value optimized out>, data=0x7f8413f4b260) at src/or/periodic.c:52
#8  0x00007f841323cb44 in event_base_loop () from /usr/lib64/libevent-1.4.so.2
#9  0x00007f8413b48e2a in run_main_loop_once () at src/or/main.c:2548
#10 run_main_loop_until_done () at src/or/main.c:2592
#11 do_main_loop () at src/or/main.c:2520
#12 0x00007f8413b49ec5 in tor_main (argc=<value optimized out>,
    argv=<value optimized out>) at src/or/main.c:3647
#13 0x00007f8413b45ec9 in main (argc=<value optimized out>,
    argv=<value optimized out>) at src/or/tor_main.c:30
(gdb) up
#1  0x00007f841247ae05 in abort () from /lib64/libc.so.6
(gdb) up
#2  0x00007f8413caee1d in __subvdi3 ()
(gdb) up
#3  0x00007f8413c5ddc0 in round_int64_to_next_multiple_of (number=72742,
    divisor=1024) at src/common/util.c:523
523       if (INT64_MAX - divisor + 1 < number)

Looks like it's in the "add noise when reporting the number of onion addresses it's seen" area.

I do have a couple of local patches applied to moria1, but "surely" they aren't interacting with this bug.