Nginx + NC12 having problems with small file uploads via web interface

[stratacast]

Steps to reproduce

1. Install nginx and rest of ecosystem as per the documentation
2. Upload many small files (in my case, about 1KB to 5MB, most files around 50KB size)

Expected behaviour

Files should upload at an expected speed.

Actual behaviour

It takes about 20 minutes to upload about 20MB of small files

Server configuration

Operating system: FreeBSD 11.1

Web server: 1.12.1

Database: 10.2.6

PHP version: 7.1.9

Nextcloud version: (see Nextcloud admin page) 12.0.3

Updated from an older Nextcloud/ownCloud or fresh install: From 12.0.1

Where did you install Nextcloud from: Source packages on nextcloud.com

Signing status:

Signing status

Login as admin user into your Nextcloud and access 
http://example.com/index.php/settings/integrity/failed 
No errors have been found.

List of activated apps:

App list

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder

  - activity: 2.5.2
  - admin_audit: 1.2.0
  - admin_notifications: 1.0.0
  - announcementcenter: 3.1.0
  - apporder: 0.4.0
  - bruteforcesettings: 1.0.2
  - calendar: 1.5.5
  - checksum: 0.3.5
  - comments: 1.2.0
  - contacts: 1.5.3
  - dav: 1.3.0
  - drawio: 0.8.8
  - federatedfilesharing: 1.2.0
  - federation: 1.2.0
  - files: 1.7.2
  - files_accesscontrol: 1.2.5
  - files_automatedtagging: 1.2.2
  - files_downloadactivity: 1.1.1
  - files_pdfviewer: 1.1.1
  - files_sharing: 1.4.0
  - files_texteditor: 2.4.1
  - files_trashbin: 1.2.0
  - files_versions: 1.5.0
  - files_videoplayer: 1.1.0
  - firstrunwizard: 2.1
  - gallery: 17.0.0
  - groupfolders: 1.1.0
  - impersonate: 1.0.1
  - keeweb: 0.4.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.0.0
  - mail: 0.7.3
  - nextcloud_announcements: 1.1
  - notifications: 2.0.0
  - oauth2: 1.0.5
  - ocdownloader: 1.5.4
  - password_policy: 1.2.2
  - provisioning_api: 1.2.0
  - quota_warning: 1.1.0
  - serverinfo: 1.2.0
  - sharebymail: 1.2.0
  - socialsharing_email: 1.0.1
  - spreed: 2.0.1
  - survey_client: 1.0.0
  - systemtags: 1.2.0
  - tasks: 0.9.5
  - theming: 1.3.0
  - twofactor_backupcodes: 1.1.1
  - twofactor_totp: 1.3.1
  - twofactor_u2f: 1.3.3
  - updatenotification: 1.2.0
  - workflowengine: 1.2.0
Disabled:
  - encryption
  - files_external
  - onlyoffice
  - passman
  - user_external
  - user_ldap

Nextcloud configuration:

Config report

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

{
    "system": {
        "instanceid": "instanceid",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "172.16.0.10",
            "domain1",
            "domain2"
        ],
        "datadirectory": "\/mnt\/nc_data",
        "overwrite.cli.url": "http:\/\/172.16.0.10",
        "dbtype": "mysql",
        "version": "12.0.3.3",
        "dbname": "nextclouddb",
        "dbhost": "localhost",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "UTC",
        "installed": true,
        "loglevel": 1,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "redis": {
            "host": "\/tmp\/redis.sock",
            "port": 0
        },
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "maintenance": false,
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "ssl",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_from_address": "myemail",
        "mail_domain": "gmail.com",
        "mail_smtphost": "smtp.gmail.com",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "theme": "",
        "updater.release.channel": "stable"
    }
}

Are you using external storage, if yes which one: none

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Firefox 57, 58, Chromium 60

Operating system: Windows 10, Fedora 26

Logs

Web server error log

Web server error log

Insert your webserver log here

2017/10/02 21:14:09 [error] 47507#101971: accept4() failed (53: Software caused connection abort)
2017/10/02 21:14:11 [error] 47507#101971: accept4() failed (53: Software caused connection abort)
2017/10/02 21:14:13 [error] 47507#101971: accept4() failed (53: Software caused connection abort)
2017/10/02 21:14:15 [error] 47507#101971: accept4() failed (53: Software caused connection abort)
2017/10/02 21:14:17 [error] 47507#101971: accept4() failed (53: Software caused connection abort)
2017/10/02 21:14:19 [error] 47507#101971: accept4() failed (53: Software caused connection abort)
2017/10/02 21:14:21 [error] 47507#101971: accept4() failed (53: Software caused connection abort)
2017/10/02 21:14:23 [error] 47507#101971: accept4() failed (53: Software caused connection abort)
2017/10/02 21:14:25 [error] 47507#101971: accept4() failed (53: Software caused connection abort)
2017/10/02 21:14:27 [error] 47507#101971: accept4() failed (53: Software caused connection abort)

Here is my nginx config file, this problem doesn't appear to happen on Apache

user www;
worker_processes	1;

error_log	/var/log/nginx/error.log;

events {
	worker_connections 1024;
}

http {

	include mime.types;
	default_type application/octet-stream;
	sendfile on;
	keepalive_timeout 70;

	upstream php-handler {
		#server 127.0.0.1:9000;
		server unix:/var/run/php-fpm.sock;
	}

	server_tokens	off;
	access_log	/var/log/nginx/access.log;

server {
    listen 80;
    server_name domainname;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name domainname


    ssl on;
    ssl_certificate /usr/local/etc/letsencrypt/live/domainname/fullchain.pem;
    ssl_certificate_key /usr/local/etc/letsencrypt/live/domainname/privkey.pem;

        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;

        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /usr/local/etc/ssl/dhparam.pem;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';



                # OCSP Stapling ---
                # fetch OCSP records from URL in ssl_certificate and cache them
                ssl_stapling on;
                ssl_stapling_verify on;


    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    # add_header Strict-Transport-Security "max-age=15768000;
    # includeSubDomains; preload;";
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Strict-Transport_security "max-age=15552000; includeSubDomains; preload";

    # Path to the root of your installation
    root /usr/local/www/nginx/nextcloud;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 2048M;
    #fastcgi_buffers 64 4K;
    fastcgi_buffers 128 1M;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml 
application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml 
application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc 
text/vtt text/x-component text/x-cross-domain-policy;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff|svg|gif)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=15778463";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        # add_header Strict-Transport-Security "max-age=15768000;
        #  includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
	add_header Strict-Transport_security "max-age=15552000; includeSubDomains; preload";
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}

}

I also have OPCache being used. It is strange that the issue only occurs via the web interface, and not from the desktop clients

[JoergGoltermann]

Hi,

we have similar problems during upload of some files. We use CentOS 7.4 with Apache, PHP-FPM and PHP 7.0. Our problem seems to be an locking issue. Files get uploaded at normal speed and the process get stuck for about 30 seconds. One php worker generates a high load and the redis server is used in an "abnormal" manner.

$ redis-cli  -s /var/run/redis/redis.sock --stat
------- data ------ --------------------- load -------------------- - child -
keys       mem      clients blocked requests            connections
0          834.37K  3       0       43628071 (+0)       14626
0          834.37K  3       0       43628072 (+1)       14626
0          834.37K  3       0       43628073 (+1)       14626
0          834.37K  3       0       43628074 (+1)       14626
0          834.37K  3       0       43628075 (+1)       14626
0          834.37K  3       0       43628076 (+1)       14627
0          834.37K  3       0       43628077 (+1)       14627
0          834.37K  3       0       43628315 (+238)     14628
0          854.73K  4       0       43628337 (+22)      14638
2          875.51K  5       0       43628762 (+425)     14652
2          855.14K  4       0       43629427 (+665)     14661
3          891.27K  4       0       43634120 (+4693)    14662
3          891.54K  4       0       43648963 (+14843)   14662
3          891.27K  4       0       43664375 (+15412)   14662
3          891.27K  4       0       43680568 (+16193)   14662
2          891.14K  4       0       43696646 (+16078)   14662
3          891.30K  4       0       43712077 (+15431)   14662
...

$ redis-cli  -s /var/run/redis/redis.sock monitor
OK
1507062075.028314 [0 unix:/var/run/redis/redis.sock] "WATCH" "1903bd68cdd71ebb5d410fd38d195908/lockfiles/5f4a860c7d443a910ceb912f323ee3ef"
1507062075.028518 [0 unix:/var/run/redis/redis.sock] "GET" "1903bd68cdd71ebb5d410fd38d195908/lockfiles/5f4a860c7d443a910ceb912f323ee3ef"
1507062075.028581 [0 unix:/var/run/redis/redis.sock] "MULTI"
1507062075.028676 [0 unix:/var/run/redis/redis.sock] "DEL" "1903bd68cdd71ebb5d410fd38d195908/lockfiles/5f4a860c7d443a910ceb912f323ee3ef"
1507062075.028695 [0 unix:/var/run/redis/redis.sock] "EXEC"
1507062075.028807 [0 unix:/var/run/redis/redis.sock] "INCRBY" "1903bd68cdd71ebb5d410fd38d195908/lockfiles/90b415d68e03cea5a5a207ac135f6817" "1"
1507062075.028870 [0 unix:/var/run/redis/redis.sock] "EXPIRE" "1903bd68cdd71ebb5d410fd38d195908/lockfiles/90b415d68e03cea5a5a207ac135f6817" "3600"
1507062075.029061 [0 unix:/var/run/redis/redis.sock] "WATCH" "1903bd68cdd71ebb5d410fd38d195908/lockfiles/90b415d68e03cea5a5a207ac135f6817"
1507062075.029123 [0 unix:/var/run/redis/redis.sock] "GET" "1903bd68cdd71ebb5d410fd38d195908/lockfiles/90b415d68e03cea5a5a207ac135f6817"
1507062075.029199 [0 unix:/var/run/redis/redis.sock] "MULTI"
1507062075.029266 [0 unix:/var/run/redis/redis.sock] "DEL" "1903bd68cdd71ebb5d410fd38d195908/lockfiles/90b415d68e03cea5a5a207ac135f6817"
1507062075.029282 [0 unix:/var/run/redis/redis.sock] "EXEC"
1507062075.029384 [0 unix:/var/run/redis/redis.sock] "INCRBY" "1903bd68cdd71ebb5d410fd38d195908/lockfiles/cfed203378bb22fb7a71baedcd722bc7" "1"
1507062075.029475 [0 unix:/var/run/redis/redis.sock] "EXPIRE" "1903bd68cdd71ebb5d410fd38d195908/lockfiles/cfed203378bb22fb7a71baedcd722bc7" "3600"
1507062075.029670 [0 unix:/var/run/redis/redis.sock] "WATCH" "1903bd68cdd71ebb5d410fd38d195908/lockfiles/cfed203378bb22fb7a71baedcd722bc7"
1507062075.029732 [0 unix:/var/run/redis/redis.sock] "GET" "1903bd68cdd71ebb5d410fd38d195908/lockfiles/cfed203378bb22fb7a71baedcd722bc7"
1507062075.029802 [0 unix:/var/run/redis/redis.sock] "MULTI"
1507062075.029872 [0 unix:/var/run/redis/redis.sock] "DEL" "1903bd68cdd71ebb5d410fd38d195908/lockfiles/cfed203378bb22fb7a71baedcd722bc7"
....

Do you use redis too?

We see this high redis usage during opening the trashbin and while loading the Apps page too.

[stratacast]

I implemented Redis to see if it would solve my issue, however it made no difference. I have this problem both with and without Redis. However, I wonder if this is a PHP-FPM thing since I've been using Apache and PHP7 without PHP-FPM and I'm not experiencing that issue (or didn't before switching to Nginx). So I wonder, if Apache + PHP-FPM is having the issue, maybe there's a config there missing? Apache is using mpm-prefork and I'm assuming you're using mpm-worker or event yes?

[stratacast]

I'm continuing my suspicion of it being PHP-FPM or nginx. I set up a stock setup (no perf optimizations) of nextcloud on the exact same machine (both of these are operating within jails. Apache took less than half the time to upload the same set of files. Again bear in mind, desktop clients are not affected by this slow upload issue

[stratacast]

Just eliminated PHP-FPM and nginx as factors I believe. On precisely the same server I switched back to apache and the problem still occurred, I'm still not convinced it's a database issue though since the desktop client is so fast. I'm completely at a loss. I feel I have tried everything and this is just a dead instance of Nextcloud that needs an utter redo

[JoergGoltermann]

Hi, yesterday I fixed our problem, we had about 150k entries in the oc_file_locks table and after each upload the system locked, unlocked each of them in the redis server which caused the delay. I have no idea why the files where locked in the MySQL. Some weeks ago we had trouble with locked files and we changed the locking settings in the config.php serveral times. Maybe this lead to the entries in the table. If you enable debugging, maybe you find your problem too.

[stratacast]

As far as I know, I'm not seeing that issue (or maybe I'm missing it), I did see this now:

	webdav	Sabre\DAV\Exception\NotAuthenticated: No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured[internal function] Sabre\DAV\Auth\Plugin->beforeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))/usr/local/www/nginx-dist/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php - line 105: call_user_func_array(Array, Array)/usr/local/www/nginx-dist/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 466: Sabre\Event\EventEmitter->emit('beforeMethod', Array)/usr/local/www/nginx-dist/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 254: Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))/usr/local/www/nginx-dist/nextcloud/apps/dav/lib/Server.php - line 258: Sabre\DAV\Server->exec()/usr/local/www/nginx-dist/nextcloud/apps/dav/appinfo/v2/remote.php - line 33: OCA\DAV\Server->exec()/usr/local/www/nginx-dist/nextcloud/remote.php - line 162: require_once('/usr/local/www/...'){main}

and

{"reqId":"zItXgO5ojMfWsFJpZr93","level":4,"time":"2017-10-06T01:54:43+00:00","remoteAddr":"192.168.10.47","user":"courtney","app":"webdav","method":"PUT","url":"/remote.php/webdav/Programs/webroot/bin/System.Web.WebPages.dll","message":"Exception: {"Exception":"Sabre\\DAV\\Exception\\BadRequest","Message":"expected filesize 211656 got 9222","Code":0,"Trace":"#0 \/usr\/local\/www\/nginx-dist\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Directory.php(151): OCA\\DAV\\Connector\\Sabre\\File->put(Resource id #9)\n#1 \/usr\/local\/www\/nginx-dist\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php(1096): OCA\\DAV\\Connector\\Sabre\\Directory->createFile('System.Web.WebP...', Resource id #9)\n#2 \/usr\/local\/www\/nginx-dist\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/CorePlugin.php(525): Sabre\\DAV\\Server->createFile('Programs\/webroo...', Resource id #9, NULL)\n#3 [internal function]: Sabre\\DAV\\CorePlugin->httpPut(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#4 \/usr\/local\/www\/nginx-dist\/nextcloud\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\n#5 \/usr\/local\/www\/nginx-dist\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php(479): Sabre\\Event\\EventEmitter->emit('method:PUT', Array)\n#6 \/usr\/local\/www\/nginx-dist\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php(254): Sabre\\DAV\\Server->invokeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#7 \/usr\/local\/www\/nginx-dist\/nextcloud\/apps\/dav\/appinfo\/v1\/webdav.php(76): Sabre\\DAV\\Server->exec()\n#8 \/usr\/local\/www\/nginx-dist\/nextcloud\/remote.php(162): require_once('\/usr\/local\/www\/...')\n#9 {main}","File":"\/usr\/local\/www\/nginx-dist\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/File.php","Line":151}","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0","version":"12.0.3.3"}

I will see if there's anything in the docs or other issues. Found a typo setting up HSTS but that unfortunately wasn't the issue

[stratacast]

I have 7K file locks in my database. Could you lead me to what you did to solve that to see if that fixes my issue?

[nickvergessen]

Just try to drop all content from the lock table.

[stratacast]

Dropped all the contents from the lock table with no change. Still watching nextcloud.log and I am still only getting the errors as stated in my 2nd recent post. Still no change in performance, nginx is giving me:
2017/10/06 22:41:33 [error] 84971#101926: accept4() failed (53: Software caused connection abort)

however, this error seems to occur even when not doing an upload. My guess now though is it is related to that webdav error, since it is spitting that error out when doing PUT

[MorrisJobke]

In more recent versions (13.0.4 and 12.0.9) we reduced drastically the amount of lock statements which should avoid most of the problems in here. Thus I will close it. If there is still stuff that breaks have a look at #9305 and it's linked issues.

Another workaround: use Redis as locking backend improves the situation as well. Hopefully this solves the issue you have with the upload of the small files. If this still happens and is unrelated to file locking (maybe test it by disable it completely). We can reopen this ticket.