Created attachment 18808 [details] a small failing example When -enable-emscripten-cxx-exceptions is used, the WebAssemblyLowerEmscriptenEHSjLj pass lowers invoke instructions to calls to calls to @__invoke_SIG functions that take the originally invoked function as a first argument and have the same return type. If that return type is a struct, the initial lowering step creates an sret parameter in the first argument position, bumping the function pointer to the second argument position, which causes a crash when the sret pointer is used as a function pointer at run time. To reproduce: llc exceptions.ll -enable-emscripten-cxx-exceptions -debug Observe that %ign = invoke { i32, i8* } @bar(i32 3) to label %invoke.cont unwind label %lpad is lowered to ... %ign = call { i32, i8* } @"__invoke_{i32.i8*}_i32"({ i32, i8* } (i32)* @bar, i32 3) ... and later lowered to ... CALL_VOID <ga:@"__invoke_{i32.i8*}_i32">, <fi#0>, %vreg2<kill>, %vreg1<kill>, %ARGUMENTS<imp-def,dead>, %SP32<imp-use>, %SP64<imp-use>; I32:%vreg2,%vreg1 ... which has the sret pointer, not the function pointer, as the first argument.