diff --git a/js/src/jit-test/tests/ion/recover-lambdas-bug1118911.js b/js/src/jit-test/tests/ion/recover-lambdas-bug1118911.js
new file mode 100644
index 000000000000..bf527351481f
--- /dev/null
+++ b/js/src/jit-test/tests/ion/recover-lambdas-bug1118911.js
@@ -0,0 +1,9 @@
+
+function test() {
+ function f()
+ k.apply(this, arguments);
+ if (undefined >> undefined !== 0) {}
+ for (var [ v , c ] = 0 in this.tracemonkey) { }
+}
+try { test(); } catch(exc1) {}
+try { test(); } catch(exc1) {}
diff --git a/js/src/jit/JitFrames.cpp b/js/src/jit/JitFrames.cpp
index e226d547f316..785246a66643 100644
--- a/js/src/jit/JitFrames.cpp
+++ b/js/src/jit/JitFrames.cpp
@@ -1495,10 +1495,11 @@ GetPcScript(JSContext *cx, JSScript **scriptRes, jsbytecode **pcRes)
 return;
 // Lookup failed: undertake expensive process to recover the innermost inlined frame.
- ++it; // Skip exit frame.
+ if (!it.isBailoutJS())
+ ++it; // Skip exit frame.
 jsbytecode *pc = nullptr;
- if (it.isIonJS()) {
+ if (it.isIonJS() || it.isBailoutJS()) {
 InlineFrameIterator ifi(cx, &it);
 *scriptRes = ifi.script();
 pc = ifi.pc();
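Review bot: The new test has no comment saying what it covers, and both calls are wrapped in `try { test(); } catch(exc1) {}`, so the file passes whenever the shell does not crash or assert, whether or not `test` was ever Ion-compiled and bailed out. Two calls are unlikely to reach Ion on their own, so the coverage presumably depends on the flags the harness runs the file with. A header such as `// Bug 1118911: script/pc lookup from a bailing Ion frame must not crash or assert.` (adjusted to what the bug actually reproduces) would tell the next reader what a failure means and why the reduced, odd-looking syntax should be left as it is.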
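Review bot: The conditional skip at `if (!it.isBailoutJS())` carries no explanation, and the trailing `// Skip exit frame.` now reads as if it held on both paths. The frame chosen here decides which script and pc the caller goes on to trust, so the invariant is worth writing down, for example `// While bailing out, the iterator already starts at the bailing Ion frame; only the normal path has an exit frame to skip.` (to be confirmed against how `it` is constructed, which is outside the hunk). A debug-build assertion on the non-bailout path that the skipped frame really is an exit frame would make a future frame type fail loudly instead of being walked past. The `Lookup failed` comment suggests a cache is consulted above; if the result is stored after this block, check that a pc recovered from a bailout frame is safe to cache under the same key. GetPcScript begins and ends outside the hunk.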