I think you're completely right: the reload pass has no specific
infrastructure for dealing with invalid subregs. It may "fix" these
subregs, but only if it happens that the operand needs reloading
because
of the insn constraints.
I've found why: the code has been disabled in find_reloads()
/* This following hunk of code should no longer be
needed at all with SUBREG_BYTE. If you need this
code back, please explain to me why so I can
fix the real problem. -DaveM */
Re-enabling it fix PR target/10286.
Now the question: what is the replacement machinery that is supposed
to be
doing the work?