diff --git a/js/src/jit/Ion.cpp b/js/src/jit/Ion.cpp
index 506153ffc..d3d161966 100644
--- a/js/src/jit/Ion.cpp
+++ b/js/src/jit/Ion.cpp
@@ -2904,10 +2904,11 @@ InvalidateActivation(FreeOp* fop, const JitActivationIterator& activations, bool
                 type = "Baseline";
             else if (it.isBailoutJS())
                 type = "Bailing";
+            JSScript* script = it.maybeForwardedScript();
             JitSpew(JitSpew_IonInvalidate,
                     "#%d %s JS frame @ %p, %s:%" PRIuSIZE " (fun: %p, script: %p, pc %p)",
-                    frameno, type, it.fp(), it.script()->maybeForwardedFilename(),
-                    it.script()->lineno(), it.maybeCallee(), (JSScript*)it.script(),
+                    frameno, type, it.fp(), script->maybeForwardedFilename(),
+                    script->lineno(), it.maybeCallee(), script,
                     it.returnAddressToFp());
             break;
           }
@@ -2953,7 +2954,7 @@ InvalidateActivation(FreeOp* fop, const JitActivationIterator& activations, bool
         if (!calledFromLinkStub && it.checkInvalidation())
             continue;
 
-        JSScript* script = it.script();
+        JSScript* script = it.maybeForwardedScript();
         if (!script->hasIonScript())
             continue;
 
diff --git a/js/src/jit/JitFrameIterator.h b/js/src/jit/JitFrameIterator.h
index dce63665e..154828d6a 100644
--- a/js/src/jit/JitFrameIterator.h
+++ b/js/src/jit/JitFrameIterator.h
@@ -204,6 +204,7 @@ class JitFrameIterator
     JSFunction* maybeCallee() const;
     unsigned numActualArgs() const;
     JSScript* script() const;
+    JSScript* maybeForwardedScript() const;
     void baselineScriptAndPc(JSScript** scriptRes, jsbytecode** pcRes) const;
     Value* actualArgs() const;
 
diff --git a/js/src/jit/JitFrames.cpp b/js/src/jit/JitFrames.cpp
index b92565885..9e5d11792 100644
--- a/js/src/jit/JitFrames.cpp
+++ b/js/src/jit/JitFrames.cpp
@@ -221,6 +221,31 @@ JitFrameIterator::script() const
     return script;
 }
 
+JSScript*
+MaybeForwardedScriptFromCalleeToken(CalleeToken token) {
+    switch (GetCalleeTokenTag(token)) {
+      case CalleeToken_Script:
+        return MaybeForwarded(CalleeTokenToScript(token));
+      case CalleeToken_Function:
+      case CalleeToken_FunctionConstructing: {
+        JSFunction* fun = MaybeForwarded(CalleeTokenToFunction(token));
+        return MaybeForwarded(fun)->nonLazyScript();
+      }
+    }
+    MOZ_CRASH("invalid callee token tag");
+}
+
+JSScript*
+JitFrameIterator::maybeForwardedScript() const
+{
+    MOZ_ASSERT(isScripted());
+    if (isBaselineJS())
+      return MaybeForwardedScriptFromCalleeToken(baselineFrame()->calleeToken());
+    JSScript* script = MaybeForwardedScriptFromCalleeToken(calleeToken());
+    MOZ_ASSERT(script);
+    return script;
+}
+
 void
 JitFrameIterator::baselineScriptAndPc(JSScript** scriptRes, jsbytecode** pcRes) const
 {
diff --git a/js/src/jit/JitFrames.h b/js/src/jit/JitFrames.h
index f7149cd6d..55d92af8d 100644
--- a/js/src/jit/JitFrames.h
+++ b/js/src/jit/JitFrames.h
@@ -88,6 +88,8 @@ ScriptFromCalleeToken(CalleeToken token)
     MOZ_CRASH("invalid callee token tag");
 }
 
+JSScript* MaybeForwardedScriptFromCalleeToken(CalleeToken token);
+
 // In between every two frames lies a small header describing both frames. This
 // header, minimally, contains a returnAddress word and a descriptor word. The
 // descriptor describes the size and type of the previous frame, whereas the