[heap] Fix filler logic in ConcurrentAllocator::AllocateOutsideLab

Bug: chromium:1339356, chromium:1338687
Change-Id: Ied308cc98c19e3b1402ffff6b2e8519d1e33fda2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721468
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81365}

src/heap/concurrent-allocator.cc

@@ -172,9 +172,18 @@ AllocationResult ConcurrentAllocator::AllocateOutsideLab(
 
   HeapObject object = HeapObject::FromAddress(result->first);
   const int filler_size = Heap::GetFillToAlign(object.address(), alignment);
+  DCHECK_IMPLIES(filler_size != 0, filler_size == requested_filler_size);
+
   // Actually align the allocation.
-  if (filler_size)
-    object = local_heap_->heap()->PrecedeWithFiller(object, filler_size);
+  if (requested_filler_size) {
+    if (filler_size) {
+      object = local_heap_->heap()->PrecedeWithFiller(object, filler_size);
+    } else {
+      // Free the unneeded filler space.
+      space_->Free(object.address() + size_in_bytes, requested_filler_size,
+                   SpaceAccountingMode::kSpaceAccounted);
+    }
+  }
 
   if (IsBlackAllocationEnabled()) {
     owning_heap()->incremental_marking()->MarkBlackBackground(object,