diff --git a/.github/workflows/reusable-san.yml b/.github/workflows/reusable-san.yml
index 33cfd578d6819a..c55fad77ff0398 100644
--- a/.github/workflows/reusable-san.yml
+++ b/.github/workflows/reusable-san.yml
@@ -61,7 +61,7 @@ jobs:
               || ''
             }}.txt handle_segv=0" >> "$GITHUB_ENV"
         else
-          echo "UBSAN_OPTIONS=${SAN_LOG_OPTION}" >> "$GITHUB_ENV"
+          echo "UBSAN_OPTIONS=${SAN_LOG_OPTION} halt_on_error=1 suppressions=${GITHUB_WORKSPACE}/Tools/ubsan/suppressions.txt" >> "$GITHUB_ENV"
         fi
         echo "CC=clang" >> "$GITHUB_ENV"
         echo "CXX=clang++" >> "$GITHUB_ENV"
@@ -75,7 +75,7 @@ jobs:
         ${{
           inputs.sanitizer == 'TSan'
           && '--with-thread-sanitizer'
-          || '--with-undefined-behavior-sanitizer'
+          || '--with-undefined-behavior-sanitizer --with-strict-overflow'
         }}
         --with-pydebug
         ${{ fromJSON(inputs.free-threading) && '--disable-gil' || '' }}
@@ -83,10 +83,13 @@ jobs:
       run: make -j4
     - name: Display build info
       run: make pythoninfo
+    # test_{capi,faulthandler} are skipped under UBSan because
+    # they raise signals that UBSan with halt_on_error=1 intercepts.
     - name: Tests
       run: >-
         ./python -m test
         ${{ inputs.sanitizer == 'TSan' && '--tsan' || '' }}
+        ${{ inputs.sanitizer == 'UBSan' && '-x test_capi -x test_faulthandler' || '' }}
         -j4
     - name: Parallel tests
       if: >-
diff --git a/Tools/ubsan/suppressions.txt b/Tools/ubsan/suppressions.txt
new file mode 100644
index 00000000000000..9a5f20364261fe
--- /dev/null
+++ b/Tools/ubsan/suppressions.txt
@@ -0,0 +1,28 @@
+# This file contains suppressions for the UndefinedBehaviour sanitizer.
+#
+# Reference: https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#runtime-suppressions
+#
+# When adding a suppression, include a comment referencing a GitHub issue
+# that describes how to reproduce the race and includes the relevant UBSan
+# output.
+
+# Objects/object.c:97:5: runtime error: member access within null pointer of type 'PyThreadState' (aka 'struct _ts')
+null:Objects/object.c
+
+# Objects/memoryobject.c:3032:15: runtime error: load of value 2, which is not a valid value for type 'bool'
+bool:Objects/memoryobject.c
+
+# Modules/_ctypes/cfield.c:644:1: runtime error: left shift of 1 by 63 places cannot be represented in type 'int64_t' (aka 'long')
+shift-base:Modules/_ctypes/cfield.c
+
+# Modules/_ctypes/cfield.c:640:1: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
+signed-integer-overflow:Modules/_ctypes/cfield.c
+
+# Modules/_zstd/decompressor.c:598:56: runtime error: applying non-zero offset 18446744073709551615 to null pointer
+pointer-overflow:Modules/_zstd/decompressor.c
+
+# Modules/_io/stringio.c:350:24: runtime error: addition of unsigned offset to 0x7fd01ec25850 overflowed to 0x7fd01ec2584c
+pointer-overflow:Modules/_io/stringio.c
+
+# Objects/bytesobject.c:1190:25: runtime error: applying zero offset to null pointer
+pointer-overflow:Objects/bytesobject.c