In short, I believe the problem occurs with a "*jcc_1" insn that jumps
forwards, but the full details are in the bug.
My first thought is that something must be creating a new insn after
shorten_branches is complete or an existing insn that was not on the
chain when we called shorten-branches, but got threaded onto the chain
later. Either would be considered bad in various ways, so we'd like to
fix it.
I don't think either of these are the case. I believe it's due to the
size of the jcc_1 insn being affected by the distance to the jump
target, which for a forward jump is a bit of a chicken-and-egg issue,
since that distance is affected by the size of the jcc_1 insn itself.
It looks like align_fuzz exists in order to cope with this kind of
circular definition, but the issue seems to occur inside align_fuzz
itself.