A Civi user was doing normal email searches and merges from the search results, but seems to have kicked off an unlimited scan of the email table for duplicates, locking it for long enough to block a couple dozen contribution inserts. She says she never saw the dedupe search screen (where we enforce a limit)
Instrument the dedupe queries to log a full stack trace, and enforce a limit at a level lower than the UI