Unless a major anti fingerprinting solution uses the same list of GPUs as you doing this puts you in a tiny bucket and provides massive entropy to trackers, possibly even enough to exactly identify you given many webGL calls.
You could seed your random number generator with a hash of the hostname, guaranteeing consistency across all the random values you return to the one host.
Maybe an explicit sign of spoofing is even better, it sends a message in a gentle way.
Unspoofing on the server side, if at all possible, would likely be too expensive for whatever gain it might bring.