<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 05:28:38 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-52654] new signing keys not generated by the monitoring-keys-for-HMAC thread</title>
                <link>https://jira.mongodb.org/browse/SERVER-52654</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;div class=&quot;panel&quot; style=&quot;background-color: #eeeeee;border-color: #cccccc;border-width: 1px;&quot;&gt;&lt;div class=&quot;panelHeader&quot; style=&quot;border-bottom-width: 1px;border-bottom-color: #cccccc;background-color: #6cb33f;&quot;&gt;&lt;b&gt;Issue Status as of Jan 7, 2021&lt;/b&gt;&lt;/div&gt;&lt;div class=&quot;panelContent&quot; style=&quot;background-color: #eeeeee;&quot;&gt;
&lt;p&gt;&lt;b&gt;ISSUE DESCRIPTION AND IMPACT&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;The bug causes a failure of the thread that creates new &lt;a href=&quot;https://github.com/mongodb/mongo/tree/master/src/mongo/db/s#key-management&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;Hash-based Message Authentication Code (HMAC) signing keys&lt;/a&gt; every 90 days.&lt;/p&gt;

&lt;p&gt;New keys are generated when the Config Server Replica Set (CSRS) fails over. So, if a failover does not happen on the CSRS for 90 days, operations across the sharded cluster will start to fail and will not succeed again until the CSRS fails over.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;DIAGNOSIS AND AFFECTED VERSIONS&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;MongoDB 4.2.2 to 4.2.11 and 4.4.0 to 4.4.2 are affected. The bug may exist in previous versions but mechanisms other than failover cause the CSRS primary to re-generate the HMAC keys successfully in those versions.&lt;/p&gt;

&lt;p&gt;To check the expiration date of the HMAC keys, use a mongo shell to connect to a &lt;tt&gt;mongos&lt;/tt&gt; node, or the CSRS primary, authenticate as a user with admin privilege and run the following command to check the expiration date for the HMAC signing keys. The cluster will experience this issue when all the HMAC signing keys expire.&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;db.getSiblingDB(&quot;admin&quot;).system.keys.find().map(k =&amp;gt; { return { _id: k._id, purpose: k.purpose, expiresAt: new Date(k.expiresAt.getTime()*1000) }})&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;To perform this check the database user must have permissions to query the &lt;tt&gt;admin.system.keys&lt;/tt&gt; collection. To grant these permissions, create a new role with the &lt;tt&gt;find&lt;/tt&gt; action on the &lt;tt&gt;admin.system.keys&lt;/tt&gt; collection and grant this role to an admin user with the following commands, replacing &lt;tt&gt;ADMIN&lt;/tt&gt; with the username:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;use admin;&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&amp;nbsp;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;db.createRole({&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;  role: &quot;query_keys&quot;,&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;  privileges: [&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;     { resource: { db: &quot;admin&quot;, collection: &quot;system.keys&quot;}, actions: [ &quot;find&quot; ] },&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;  ],&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;  roles: [  ]&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;});&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&amp;nbsp;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;db.grantRolesToUser(&quot;ADMIN&quot;, [&quot;query_keys&quot;])&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;&lt;b&gt;REMEDIATION AND WORKAROUNDS&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;The fix is included in the 3.6.22, 4.0.22, 4.2.12 and 4.4.3 production releases and later. To prevent the issue before upgrading to a fixed release, step down the CSRS primary to initiate a failover before the 90 days limit is reached.&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;
&lt;h6&gt;&lt;a name=&quot;OriginalDescription&quot;&gt;&lt;/a&gt;Original Description&lt;/h6&gt;

&lt;p&gt;I see the overflow issue &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-48709&quot; title=&quot;signing key generator thread on config server not waken up as expected&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-48709&quot;&gt;&lt;del&gt;SERVER-48709&lt;/del&gt;&lt;/a&gt; is fixed, but the problem already happens after we upgraded the config server to a version of 4.2.10, new signing keys not generated by the monitoring-keys-for-HMAC thread, after 90 or 180 days, when the signing keys are expired, mongos can&apos;t connect mongod server nodes successfully. we have to restart the config server, so that new signing keys will be generated when monitoring-keys-for-HMAC thread start, and then mongos successfully connect mongod server nodes again.&lt;br/&gt;
 I think the root cause of &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-47553&quot; title=&quot;mongos crashes due to client disconnecting when signing keys being refreshed&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-47553&quot;&gt;&lt;del&gt;SERVER-47553&lt;/del&gt;&lt;/a&gt; and &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-48709&quot; title=&quot;signing key generator thread on config server not waken up as expected&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-48709&quot;&gt;&lt;del&gt;SERVER-48709&lt;/del&gt;&lt;/a&gt; maybe is the same, but it have not been digged out, as this issue may cause unexpected downtime for our service, it&apos;s a very serious problem, wish it can be fixed ASAP, Thanks!&lt;/p&gt;</description>
                <environment></environment>
        <key id="1535407">SERVER-52654</key>
            <summary>new signing keys not generated by the monitoring-keys-for-HMAC thread</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="2" iconUrl="https://jira.mongodb.org/images/icons/priorities/critical.svg">Critical - P2</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="jack.mulrow@mongodb.com">Jack Mulrow</assignee>
                                    <reporter username="jcli.china@gmail.com">Jingcheng Li</reporter>
                        <labels>
                            <label>sharding-wfbf-day</label>
                    </labels>
                <created>Fri, 6 Nov 2020 03:00:03 +0000</created>
                <updated>Mon, 22 Jan 2024 23:45:36 +0000</updated>
                            <resolved>Thu, 10 Dec 2020 14:53:41 +0000</resolved>
                                    <version>4.2.10</version>
                                    <fixVersion>4.0.22</fixVersion>
                    <fixVersion>3.6.22</fixVersion>
                    <fixVersion>4.4.3</fixVersion>
                    <fixVersion>4.2.12</fixVersion>
                                                        <votes>2</votes>
                                    <watches>30</watches>
                                                                                                                <comments>
                            <comment id="3715404" author="JIRAUSER1259436" created="Tue, 13 Apr 2021 15:36:43 +0000"  >&lt;p&gt;&quot;To prevent the issue before upgrading to a fixed release, step down the CSRS primary to initiate a failover before the 90 days limit is reached.&quot;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;Could you clarify on the above statement whether we need to just restart the config primary or all config nodes ? as a workaround for this fix. Thank you.&lt;/p&gt;</comment>
                            <comment id="3702639" author="JIRAUSER1259308" created="Tue, 6 Apr 2021 12:02:05 +0000"  >&lt;p&gt;While using version 4.4.1, read/write did not work and mongos was not connected.&lt;/p&gt;

&lt;p&gt;When I checked the expiration date of the key, it was the time when mongos could not connect, and it was also the time after the wrong query was called to mongodb.&lt;/p&gt;

&lt;p&gt;Could it be triggered by a wrong query?&lt;/p&gt;</comment>
                            <comment id="3639070" author="JIRAUSER1269214" created="Mon, 1 Mar 2021 10:15:27 +0000"  >&lt;p&gt;Hi&#160;Jack Mulrow/&#160;&#160;&#160;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=jcli.china%40gmail.com&quot; class=&quot;user-hover&quot; rel=&quot;jcli.china@gmail.com&quot;&gt;jcli.china@gmail.com&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;How to reproduce this issue, could you please share the steps. I tried by making system clock ahead but that will not work here. I would like to reproduce it for 4.2.10.&lt;/p&gt;</comment>
                            <comment id="3524920" author="xgen-internal-githook" created="Thu, 10 Dec 2020 14:39:26 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Jack Mulrow&apos;, &apos;email&apos;: &apos;jack.mulrow@mongodb.com&apos;, &apos;username&apos;: &apos;jsmulrow&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-52654&quot; title=&quot;new signing keys not generated by the monitoring-keys-for-HMAC thread&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-52654&quot;&gt;&lt;del&gt;SERVER-52654&lt;/del&gt;&lt;/a&gt; HMAC keys monitoring thread should never sleep longer than 20 days&lt;/p&gt;

&lt;p&gt;(cherry picked from commit e804031ae4ea69c2cfbfcca47202fcc468d826b2)&lt;br/&gt;
Branch: v4.0&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/5fbb02045b2775ae69376c8c60bf20df90c99383&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/5fbb02045b2775ae69376c8c60bf20df90c99383&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3524907" author="xgen-internal-githook" created="Thu, 10 Dec 2020 14:32:37 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Jack Mulrow&apos;, &apos;email&apos;: &apos;jack.mulrow@mongodb.com&apos;, &apos;username&apos;: &apos;jsmulrow&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-52654&quot; title=&quot;new signing keys not generated by the monitoring-keys-for-HMAC thread&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-52654&quot;&gt;&lt;del&gt;SERVER-52654&lt;/del&gt;&lt;/a&gt; HMAC keys monitoring thread should never sleep longer than 20 days&lt;/p&gt;

&lt;p&gt;(cherry picked from commit e804031ae4ea69c2cfbfcca47202fcc468d826b2)&lt;br/&gt;
Branch: v4.2&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/a0bd4ff103f31a5f96438d47eddcc915bdf2cdef&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/a0bd4ff103f31a5f96438d47eddcc915bdf2cdef&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3524888" author="xgen-internal-githook" created="Thu, 10 Dec 2020 14:28:26 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Jack Mulrow&apos;, &apos;email&apos;: &apos;jack.mulrow@mongodb.com&apos;, &apos;username&apos;: &apos;jsmulrow&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-52654&quot; title=&quot;new signing keys not generated by the monitoring-keys-for-HMAC thread&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-52654&quot;&gt;&lt;del&gt;SERVER-52654&lt;/del&gt;&lt;/a&gt; HMAC keys monitoring thread should never sleep longer than 20 days&lt;/p&gt;

&lt;p&gt;(cherry picked from commit e804031ae4ea69c2cfbfcca47202fcc468d826b2)&lt;br/&gt;
Branch: v3.6&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/907de1c96699460cd5be04ad579d14567c90639f&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/907de1c96699460cd5be04ad579d14567c90639f&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3524850" author="xgen-internal-githook" created="Thu, 10 Dec 2020 14:12:23 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Jack Mulrow&apos;, &apos;email&apos;: &apos;jack.mulrow@mongodb.com&apos;, &apos;username&apos;: &apos;jsmulrow&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-52654&quot; title=&quot;new signing keys not generated by the monitoring-keys-for-HMAC thread&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-52654&quot;&gt;&lt;del&gt;SERVER-52654&lt;/del&gt;&lt;/a&gt; HMAC keys monitoring thread should never sleep longer than 20 days&lt;/p&gt;

&lt;p&gt;(cherry picked from commit e804031ae4ea69c2cfbfcca47202fcc468d826b2)&lt;br/&gt;
Branch: v4.4&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/6dd2aee6bd51adcba6c34520b28d956379bf0a3d&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/6dd2aee6bd51adcba6c34520b28d956379bf0a3d&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3524379" author="xgen-internal-githook" created="Thu, 10 Dec 2020 01:39:14 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Jack Mulrow&apos;, &apos;email&apos;: &apos;jack.mulrow@mongodb.com&apos;, &apos;username&apos;: &apos;jsmulrow&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-52654&quot; title=&quot;new signing keys not generated by the monitoring-keys-for-HMAC thread&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-52654&quot;&gt;&lt;del&gt;SERVER-52654&lt;/del&gt;&lt;/a&gt; HMAC keys monitoring thread should never sleep longer than 20 days&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/e804031ae4ea69c2cfbfcca47202fcc468d826b2&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/e804031ae4ea69c2cfbfcca47202fcc468d826b2&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3522404" author="deokhyun.lee@navercorp.com" created="Wed, 9 Dec 2020 08:40:02 +0000"  >&lt;p&gt;Hi~&lt;/p&gt;

&lt;p&gt;We had the same problem while using 4.2.&lt;/p&gt;

&lt;p&gt;It seems that this issue may also occur in 3.6 and 4.0.&lt;br/&gt;
Do you have the same patch plan for 3.6 and 4.0?&lt;/p&gt;

&lt;p&gt;Thank you~&lt;/p&gt;</comment>
                            <comment id="3487045" author="JIRAUSER1253295" created="Thu, 12 Nov 2020 07:53:56 +0000"  >&lt;p&gt;Hello,&lt;/p&gt;

&lt;p&gt;When I try to reproduce this problem, I use pstack command to dump the call stack of monitoring-keys-for-HMAC thread, and then I do some text processes for the pstack result, I notice that the monitoring-keys-for-HMAC thread finally use poll to sleep and wait for a wake-up event until reaching a deadline time, Unfortunately, the third argument of the system call &apos;poll&apos; is type of signed int and the unit of time is also millisecond, since the howMuchSleepNeedFor function use a timeout about 90days(7776000000 ms), as 7776000000 is an overflow value for signed int type, the result will be an negative value(-813934592) after a type conversion, which will cause an infinite time of sleep and the thread never be waken up.&lt;/p&gt;

&lt;p&gt;So I think the solution is simple, ajust the sleep interval to a less value than INT_MAX will fix this issue.&lt;/p&gt;

&lt;p&gt;FYI,&lt;/p&gt;

&lt;p&gt;Thanks!&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: #ff1493; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;cat&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; pstack.log | &lt;/span&gt;&lt;span style=&quot;color: #ff1493; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;awk&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; &lt;/span&gt;&lt;span style=&quot;color: blue; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;&apos;BEGIN { s = &quot;&quot;; } /^Thread/ { print s; s = &quot;&quot;; } /^#/ { if (s != &quot;&quot; ) { s = s &quot;,&quot; $4} else { s = $4 } } END { print s }&apos;&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;  | &lt;/span&gt;&lt;span style=&quot;color: #ff1493; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;sort&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; | &lt;/span&gt;&lt;span style=&quot;color: #ff1493; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;uniq&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; -c | &lt;/span&gt;&lt;span style=&quot;color: #ff1493; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;sort&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; -r -n -k 1,1 | &lt;/span&gt;&lt;span style=&quot;color: #ff1493; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;grep&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; _doPeriodicRefresh&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;1 poll,mongo::transport::TransportLayerASIO::BatonASIO::run(mongo::ClockSource),mongo::transport::TransportLayerASIO::BatonASIO::run_until(mongo::ClockSource,,mongo::ClockSource::waitForConditionUntil(mongo::stdx::condition_variable&amp;amp;,,mongo::OperationContext::waitForConditionOrInterruptNoAssertUntil(mongo::stdx::condition_variable&amp;amp;,,mongo::KeysCollectionManager::PeriodicRunner::_doPeriodicRefresh(mongo::ServiceContext*,,std::thread::State_impl&amp;lt;std::thread::Invoker&amp;lt;std::tuple&amp;lt;mongo::KeysCollectionManager::PeriodicRunner::start(mongo::ServiceContext*,,execute_native_thread_routine,start_thread,clone&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;</comment>
                            <comment id="3481559" author="thomas.schubert" created="Mon, 9 Nov 2020 15:04:41 +0000"  >&lt;p&gt;Thanks for the report, &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=jcli.china%40gmail.com&quot; class=&quot;user-hover&quot; rel=&quot;jcli.china@gmail.com&quot;&gt;jcli.china@gmail.com&lt;/a&gt;. We&apos;ll investigate.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10420">
                    <name>Backports</name>
                                            <outwardlinks description="backported by">
                                                        </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                                                <inwardlinks description="is duplicated by">
                                        <issuelink>
            <issuekey id="1566704">SERVER-53337</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1578462">SERVER-53540</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1784945">SERVER-57738</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="1377926">SERVER-48709</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>11.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_12450" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Backport Requested</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="18953"><![CDATA[v4.4]]></customfieldvalue>
    <customfieldvalue key="16775"><![CDATA[v4.2]]></customfieldvalue>
    <customfieldvalue key="15640"><![CDATA[v4.0]]></customfieldvalue>
    <customfieldvalue key="15141"><![CDATA[v3.6]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[5002K00000r3HtmQAE, 5002K00000r2hgJQAQ, 5002K00000qeh7bQAA, 5002K00000saus0QAA, 5002K00000satkVQAQ, 5002K00000sbSGlQAM, 5002K00000sdOUUQA2, 5002K00000seCecQAE, 5002K00000sdfqyQAA, 5002K00000tTJXJQA4, 5002K00000rzjF8QAI, 5002K00000tTOIJQA4, 5002K00000tVzrPQAS, 5002K00000uG5WsQAK, 5002K00000uzg5aQAA, 5002K00000uywAEQAY, 5002K00000v0HuIQAU, 5002K00000v0nX4QAI, 5002K00000uy0otQAA, 5002K00000uxCsgQAE, 5002K00000vewUJQAY, 5002K00000veIYZQA2, 5002K00000veI03QAE, 5002K00000vgd2tQAA, 5002K00000vfLA4QAM, 5002K00000xC3q4QAC, 5002K00000xDURsQAO, 5002K00000xDVjNQAW, 5002K00000xFexpQAC, 5002K00000yTPEPQA4, 5002K00000yV4yrQAC, 5002K00000zcWUFQA2, 5002K00000zgWXqQAM, 5002K00000veedwQAA, 5002K00000xlWD2QAM, 5002K000011gszrQAA, 5002K000012QyMZQA0, 5002K00000zcWORQA2, 5006R00001meUuZQAU, 5006R00001m7hcuQAA, 5006R00001yjoCvQAI]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 9 Nov 2020 15:04:41 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        2 years, 43 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17050" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Downstream Team Attention</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16941"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            2 years, 43 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>aayushi.mangal@visiblealpha.com</customfieldvalue>
            <customfieldvalue>deokhyun.lee@navercorp.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>ilanchezhianm@gmail.com</customfieldvalue>
            <customfieldvalue>jack.mulrow@mongodb.com</customfieldvalue>
            <customfieldvalue>jcli.china@gmail.com</customfieldvalue>
            <customfieldvalue>belokang@embracelabs.com</customfieldvalue>
            <customfieldvalue>kelsey.schubert@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hyg95r:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hxapdr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="4258">Sharding 2020-12-14</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hyfvf3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>