There are a number of places that timeouts are handled as signed 32-bit millisecond values. This invites overflows if the timeout is over 36 minutes:

/* 36 minutes */
int32_t timeout_msec = 2160000;
/* overflow */
int64_t expire_at = bson_get_time_monotonic () + timeout_msec * 1000;

This particular bug can be fixed with:

int64_t expire_at = bson_get_time_monotonic () + (int64_t) timeout_msec * 1000;

... until the next time we make the same mistake.

Change all timeout_msec values to int64_t.