I have a mark/mangle/SNAT setup that has been working great for years. However, when trying to use this same setup for DHCP requests, it intermittently fails:
*mangle
-A OUTPUT -p udp -m udp --dport 67 -j MARK --set-xmark 0x7/0xffffffff
#...
*nat
-A POSTROUTING -m mark --mark 0x7 -j SNAT --to-source <SCRUBBED>
However, for no discernible reason, packets will occasionally be redirected to port 1 instead of 67 during the SNAT translation.
The iptables documentation states:
which can specify a single new source IP address, an inclusive range of
IP addresses, and optionally, a port range (which is only valid if the
rule also specifies -p tcp or -p udp). If no port range is specified,
then source ports below 512 will be mapped to other ports below 512.
[...] Where possible, no port alteration will occur
What I'm really wondering is when will port alteration occur? I have not been able to find use cases for that. This has happened on various hosts with various versions of iptables installed.
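One way to see whether SNAT is actually rewriting source ports on a given host is to inspect the connection-tracking table rather than the rules: each `conntrack -L` entry carries the original tuple and the reply tuple, and after SNAT the reply tuple's `dst`/`dport` are the translated source address and port. The script below is an added example, not code from the question or from the iptables project; the conntrack lines it parses are constructed samples (with the documentation-example addresses 192.0.2.x, 198.51.100.5 and 203.0.113.9 standing in for real hosts), and the field layout follows the conntrack-tools text output as I know it.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of `conntrack -L` text output (not from the original post).
# Each entry lists the original tuple, then the reply tuple. In the second line the
# reply dport is 1 although the original sport was 68: SNAT altered the source port.
SAMPLE_CONNTRACK = """\
udp      17 28 src=192.0.2.10 dst=192.0.2.1 sport=68 dport=67 src=192.0.2.1 dst=198.51.100.5 sport=67 dport=68 mark=7 use=1
udp      17 29 src=192.0.2.10 dst=192.0.2.1 sport=68 dport=67 [UNREPLIED] src=192.0.2.1 dst=198.51.100.5 sport=67 dport=1 mark=7 use=1
udp      17 30 src=192.0.2.10 dst=192.0.2.1 sport=68 dport=67 src=192.0.2.1 dst=192.0.2.10 sport=67 dport=68 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=203.0.113.9 sport=443 dport=443 src=203.0.113.9 dst=198.51.100.5 sport=443 dport=3 [ASSURED] mark=7 use=1
"""

_TUPLE_RE = re.compile(r"\b(src|dst|sport|dport)=(\S+)")
_MARK_RE = re.compile(r"\bmark=(\d+)")


def parse_conntrack_line(line: str) -> Optional[Dict]:
    """Split one conntrack entry into its original and reply 4-tuples.

    Returns None for entries without two complete src/dst/sport/dport
    tuples (ICMP entries, for example).
    """
    fields = _TUPLE_RE.findall(line)
    if len(fields) != 8:
        return None
    orig = dict(fields[:4])
    reply = dict(fields[4:])
    mark = _MARK_RE.search(line)
    return {
        "proto": line.split()[0],
        "orig_src": orig["src"],
        "orig_sport": int(orig["sport"]),
        "orig_dst": orig["dst"],
        "orig_dport": int(orig["dport"]),
        # After SNAT the peer replies to the translated source, so the reply
        # tuple's dst/dport are the address and port the packet left with.
        "snat_src": reply["dst"],
        "snat_sport": int(reply["dport"]),
        "mark": int(mark.group(1)) if mark else 0,
    }


def find_port_rewrites(conntrack_text: str) -> List[Dict]:
    """Return the SNAT'd flows whose source port was changed by NAT."""
    hits = []
    for line in conntrack_text.splitlines():
        entry = parse_conntrack_line(line)
        if entry is None:
            continue
        snatted = entry["snat_src"] != entry["orig_src"]
        if snatted and entry["snat_sport"] != entry["orig_sport"]:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in find_port_rewrites(SAMPLE_CONNTRACK):
        print(f"{hit['proto']} {hit['orig_src']}:{hit['orig_sport']} -> "
              f"{hit['orig_dst']}:{hit['orig_dport']} left as "
              f"{hit['snat_src']}:{hit['snat_sport']} (mark {hit['mark']})")
```

On a live host, feed it `conntrack -L` output (for example `conntrack -L 2>/dev/null | python3 this_script.py` after swapping the constant for `sys.stdin.read()`); any hit is a flow whose source port NAT moved, which is exactly the "port alteration" the man page leaves unspecified. If DHCP needs its source port preserved, note that the quoted documentation says a port range on `--to-source` is only valid when the rule also specifies `-p udp`, and the POSTROUTING rule in the question has no `-p` match, so a rule that pins the port would need to add one.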