In _SafeFetchXX_internal() a pointer is checked for readability before using. It returns false if this is not the case. The implementation tries to read from the pointer if this is not feasible the signal handler comes into place jumping back to the function via longjmp, so the _SafeFetchXX_internal() itself can return with a false and a null as pseudo content of the address. If the address was readable the function returns true and provides the content of the address.
Because AIX allows reading from address zero, _SafeFetchXX_internal() returns true and follow up functions using the address are called. All these functions end up in an UBSAN finding regarding reading from zero.
The solution could be to manually code that also AIX behaves like other operating systems and returns false and the content zero in case of address zero. Then no UBSAN finding occur.