Adding more details, the input causes an out of memory failure and another process is spawned to trace and perform leak detection on the first.  The second process deadlocks on a mutex.

First process stdout (can't be traced because second one is tracing it):
INFO: Seed: 4049999721
INFO: Loaded 2 modules   (34984 inline 8-bit counters): 34961 [0x7fd5141669f8, 0x7fd51416f289), 23 [0x558095e92526, 0x558095e9253d),
INFO: Loaded 2 PC tables (34984 PCs): 34961 [0x7fd51416f290,0x7fd5141f7ba0), 23 [0x558095e92540,0x558095e926b0),
INFO: 18 Clang Coverage Counters
/usr/libexec/fuzzers/virgl_fuzzer: Running 1 inputs 1 time(s) each.
Running: oom-e69d0dfc056e4430608df7481580db63020312fb
gl_version 30 - es profile enabled
WARNING: running without ARB/KHR robustness in place may crash
vrend_renderer.c:2518:17: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior vrend_renderer.c:2518:17 in
==163146== ERROR: libFuzzer: out-of-memory (malloc(16777216036))
   To change the out-of-memory limit use -rss_limit_mb=<N>

    #0 0x558095e1f1d7 in __sanitizer_print_stack_trace (/usr/libexec/fuzzers/virgl_fuzzer+0xfd1d7)
    #1 0x558095d4cca8 in _init (/usr/libexec/fuzzers/virgl_fuzzer+0x2aca8)
    #2 0x558095d4cbaa in _init (/usr/libexec/fuzzers/virgl_fuzzer+0x2abaa)
    #3 0x558095e25607  (/usr/libexec/fuzzers/virgl_fuzzer+0x103607)
    #4 0x558095d718cd  (/usr/libexec/fuzzers/virgl_fuzzer+0x4f8cd)
    #5 0x558095d71afa  (/usr/libexec/fuzzers/virgl_fuzzer+0x4fafa)
    #6 0x558095e1680c in calloc (/usr/libexec/fuzzers/virgl_fuzzer+0xf480c)
    #7 0x7fd513ecde89 in vrend_create_shader /build/amd64-generic/tmp/portage/media-libs/virglrenderer-0.6.0_p20180716-r2/work/virglrenderer-0fb73b11e4cdadced885e52848002b2e9c79e3f5/src/vrend_renderer.c:2592:16
    #8 0x7fd513fd0e87 in vrend_decode_create_shader /build/amd64-generic/tmp/portage/media-libs/virglrenderer-0.6.0_p20180716-r2/work/virglrenderer-0fb73b11e4cdadced885e52848002b2e9c79e3f5/src/vrend_decode.c:110:10
    #9 0x7fd513fd0e87 in vrend_decode_create_object /build/amd64-generic/tmp/portage/media-libs/virglrenderer-0.6.0_p20180716-r2/work/virglrenderer-0fb73b11e4cdadced885e52848002b2e9c79e3f5/src/vrend_decode.c:698
    #10 0x7fd513fd0e87 in vrend_decode_block /build/amd64-generic/tmp/portage/media-libs/virglrenderer-0.6.0_p20180716-r2/work/virglrenderer-0fb73b11e4cdadced885e52848002b2e9c79e3f5/src/vrend_decode.c:1210
    #11 0x558095e43938 in LLVMFuzzerTestOneInput /build/amd64-generic/tmp/portage/media-libs/virglrenderer-0.6.0_p20180716-r2/work/virglrenderer-0fb73b11e4cdadced885e52848002b2e9c79e3f5/tests/fuzzer/virgl_fuzzer.c:181:4
    #12 0x558095d4ecfc in _init (/usr/libexec/fuzzers/virgl_fuzzer+0x2ccfc)
    #13 0x558095d3f686 in _init (/usr/libexec/fuzzers/virgl_fuzzer+0x1d686)
    #14 0x558095d4552c in _init (/usr/libexec/fuzzers/virgl_fuzzer+0x2352c)
    #15 0x558095d6fe32  (/usr/libexec/fuzzers/virgl_fuzzer+0x4de32)
==163146== ERROR: libFuzzer: out-of-memory (used: 2137Mb; limit: 2048Mb)
   To change the out-of-memory limit use -rss_limit_mb=<N>

Live Heap Allocations: 16814868403 bytes in 4512 chunks; quarantined: 114268966 bytes in 12579 chunks; 8095 other chunks; total chunks: 25186; showing top 95% (at most 8 unique contexts)
16777216036 byte(s) (99%) in 1 allocation(s)

Second process that is deadlocked:
(gdb) where
#0  0x0000558095e2caa7 in __sanitizer::BlockingMutex::Lock() ()
#1  0x0000558095e37f02 in __sanitizer::Symbolizer::SymbolizePC(unsigned long) ()
#2  0x0000558095e36ba9 in __sanitizer::StackTrace::Print() const ()
#3  0x0000558095e177d1 in __asan::HeapProfile::Print(unsigned long, unsigned long) ()
#4  0x0000558095e17688 in __asan::MemoryProfileCB(__sanitizer::SuspendedThreadsList const&, void*) ()
#5  0x0000558095e34b44 in __sanitizer::TracerThread(void*) ()
#6  0x0000558095e2d422 in __sanitizer::internal_clone(int (*)(void*), void*, int, void*, int*, void*, int*) ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

I find that I can only reproduce by creating additional CPU load (I spawned another instance of the fuzzer with 50 workers) with the other fuzzer in a loop.

Yunlian,
Cqan you cherry-pick r331825 to llvm and compiler-rt?

This looks like a UBSan+OOM variant of https://github.com/google/sanitizers/issues/788.  I the cherry-pick doesn't fix this, we probably need to fix this in UBSan with something similar to https://reviews.llvm.org/D46277.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/5ce408c2f75c79e6fb9dba767f6bf67e91b6651b

commit 5ce408c2f75c79e6fb9dba767f6bf67e91b6651b
Author: Yunlian Jiang <yunlian@google.com>
Date: Tue Jul 24 11:11:25 2018

llvm: fix deadlock in libFuzzer.

This backports an upstream compiler-rt patch to fix the deadlock
in libFuzzer.

BUG= chromium:866546 
TEST=sudo emerge llvm

Change-Id: Icb79b89da16c99ba2c5cfa464e8062d35a1ee98b
Reviewed-on: https://chromium-review.googlesource.com/1147840
Commit-Ready: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>

[add] https://crrev.com/5ce408c2f75c79e6fb9dba767f6bf67e91b6651b/sys-devel/llvm/files/cherry/1b2e8fb0ce651da2d47b98c33b29c0f42a080f13.patch
[add] https://crrev.com/5ce408c2f75c79e6fb9dba767f6bf67e91b6651b/sys-libs/compiler-rt/files/cherry/1b2e8fb0ce651da2d47b98c33b29c0f42a080f13.patch
[rename] https://crrev.com/5ce408c2f75c79e6fb9dba767f6bf67e91b6651b/sys-devel/llvm/llvm-7.0_pre331547_p20180529-r8.ebuild
[rename] https://crrev.com/5ce408c2f75c79e6fb9dba767f6bf67e91b6651b/sys-libs/compiler-rt/compiler-rt-7.0_pre331547-r4.ebuild

This should have been fixed by the cherry-pick + llvm update in https://chromium-review.googlesource.com/1147840. Please re-open if that is not the case.

Looks fixed from my tests.