--- xnu/xnu-7195.141.2/libkern/c++/priority_queue.cpp
+++ xnu/xnu-8020.121.3/libkern/c++/priority_queue.cpp
@@ -29,6 +29,9 @@
 #if KERNEL
 #include <kern/priority_queue.h>
 #include <mach/vm_param.h>
+#if CONFIG_KERNEL_TBI && KASAN_TBI
+#include <san/kasan.h>
+#endif /* CONFIG_KERNEL_TBI && KASAN_TBI */
 
 #ifdef __LP64__
 static_assert(PRIORITY_QUEUE_ENTRY_CHILD_BITS >= VM_KERNEL_POINTER_SIGNIFICANT_BITS,
@@ -128,12 +131,18 @@
 	static inline void
 	pack_child(entry_t e, const entry_t child)
 	{
+#if CONFIG_KERNEL_TBI && KASAN_TBI
+		e->tag = kasan_tbi_get_tag((long)child);
+#endif /* CONFIG_KERNEL_TBI && KASAN_TBI */
 		e->child = (long)child;
 	}
 
 	static inline entry_t
 	unpack_child(entry_t e)
 	{
+#if CONFIG_KERNEL_TBI && KASAN_TBI
+		return (entry_t)(kasan_tbi_tag_ptr(e->child, e->tag));
+#endif /* CONFIG_KERNEL_TBI && KASAN_TBI */
 		return (entry_t)e->child;
 	}
 
@@ -340,11 +349,17 @@
 			remove_root(que, elt);
 			elt->next = elt->prev = NULL;
 			elt->child = 0;
+#if CONFIG_KERNEL_TBI && KASAN_TBI
+			elt->tag = 0;
+#endif /* CONFIG_KERNEL_TBI && KASAN_TBI */
 			return true;
 		} else {
 			remove_non_root(que, elt);
 			elt->next = elt->prev = NULL;
 			elt->child = 0;
+#if CONFIG_KERNEL_TBI && KASAN_TBI
+			elt->tag = 0;
+#endif
 			return false;
 		}
 	}