Description:
In function rtr_page_split_and_insert() as below:

1162   /* Insert fit on the page: update the free bits for the
1163   left and right pages in the same mtr */
1164
1165   if (page_is_leaf(page)) {
1166     ibuf_update_free_bits_for_two_pages_low(block, new_block, mtr);
1167   }
1168
1169   /* If the new res insert fail, we need to do another split
1170    again. */
1171   if (!rec) {
1172     /* We play safe and reset the free bits for new_page */
1173     if (!cursor->index->is_clustered() &&
1174         !cursor->index->table->is_temporary()) {
1175       ibuf_reset_free_bits(new_block);
1176       ibuf_reset_free_bits(block);
1177     }

ibuf_update_free_bits_for_two_pages_low() at line 1166 uses mtr from caller and 
is not committed.
Then ibuf_reset_free_bits() at line 1175 and 1176 execute and it has its own mtr 
and committed.
Later mtr used by ibuf_update_free_bits_for_two_pages_low() is committed.
They change same offset in ibuf bitmap but order of redo log record is incorrect.

How to repeat:
Hard to repeat without adding extra code.
If crash happens can lead to get a incorrect ibuf bitmap page.

Suggested fix:
Use mtr from caller when reset free bits in ibuf bitmap page.

Hi Mr. Zhang,

Thank you very much for your bug report.

However, we found a problem when analysing your bug report.

We have debugged this part of the code and in each run we found out that every time when (page_is_leaf(page)) condition was TRUE, (!rec) was also true.

Hence, ibuf_reset_free_bits() function was always called for each of the blocks.

Hence, we require a test case that will show that there are cases when first condition is TRUE while the second condition is FALSE.

We can not repeat your report without such a test case.

Thanks in advance.