Manual Page Search Parameters

KUBSAN(4) Device Drivers Manual KUBSAN(4)

kernel undefined behavior sanitizer

option KUBSAN

kubsan detects undefined behavior at runtime inside the kernel. Detected undefined behavior is printed to the system console, including the offending line in the source code.

By default, kubsan is not enabled but instead requires the following line to be present in the kernel configuration:

option KUBSAN

The following undefined behavior is detected:

Integer overflow
The result of an arithmetic computation on two integer operands cannot be represented by the destination type.
Negate overflow
Negation of an integer cannot be represented by the destination type.
Pointer overflow
Pointer arithmetic overflow.
Out of bounds
Array indexing out of bounds, limited to cases where the size of the array can be statically determined.
Shift out of bounds
Undefined logical shift caused by:
  • The shift amount being negative.
  • The shift operand being negative.
  • The shift amount exceeds the number of bits as given by the shift operand type.
  • The result of the shift computation cannot be represented by the destination type.
Non-null argument
Passing NULL as the value for a function argument annotated with __nonnull__.
Invalid load
Loading a value that cannot be represented by the destination type.
Type mismatch
Mismatch between pointer and value type caused by:
  • A pointer which does not fulfill the alignment requirements of the value type.
  • A pointer to an address which lacks sufficient space to store the value type.
Execution reached passed a function annotated with __dead.


The kubsan implementation is derived from NetBSD and first appeared in OpenBSD 6.5.

The kubsan implementation was written by Anton Lindqvist <anton@openbsd.org>.

The kubsan implementation is limited to architectures using clang(1) as their default compiler.
May 24, 2019 OpenBSD-current