When an exception occurs, some data is put onto the stack prior to the exception being processed. Remember, the stack pointer is the SSP and not the normal USP variant of the A7 register.
For most exceptions, the data put onto the stack is simply the program counter and the status register as follows :
High address -> PC low word
PC high word
SSP ----------> Status register word
so when the exception handler is running, the stack pointer holds the address of the SR at the time the exception was caused and 4(A7) holds the program counter where the exception was caused.
The above is true for all exceptions apart from BUS ERROR, ADDRESS ERROR or RESET. These three have a different stack frame :
High address -> PC low word
PC high word
Status register word
Instruction register word
Access address low word
Access address high word
SSP ----------> Access type and function code (one word)
This additional data includes a copy of the first word of the instruction that was being processed when the exception was caused, the address that was being accessed when the exception was caused and a word describing what the processor was trying to do at the time.
Note that the value in the program counter on the stack is not always the actual address of the start of the instruction - it could be anything from the next word or even the address 10 bytes on from the actual address of the instruction - beware.
At the end of an exception processing routine an RTE instruction is used to restore the status register and the program counter from the stack. It follows then that in the case of an ADDRESS or BUS exception that this is gaing to fail unless the additional data is first cleared from the stack - or a 68020 used instead !