diff --git a/CHANGES b/CHANGES
index 1717108966..f57b60ab2a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -23,6 +23,9 @@ jsoup changelog
   * Bugfix: fixed an NPE when parsing fragment heading HTML into a standalone p element.
     <https://github.com/jhy/jsoup/issues/1601>
 
+  * Bugfix: fixed an IOOB when parsing a formatting fragment into a standalone p element.
+    <https://github.com/jhy/jsoup/issues/1602>
+
   * Bugfix [Fuzz]: fixed a slow parse when a tag or an attribute name has thousands of null characters in it.
     <https://github.com/jhy/jsoup/issues/1580>
 
diff --git a/src/main/java/org/jsoup/parser/HtmlTreeBuilderState.java b/src/main/java/org/jsoup/parser/HtmlTreeBuilderState.java
index d2e017dafe..09783a809f 100644
--- a/src/main/java/org/jsoup/parser/HtmlTreeBuilderState.java
+++ b/src/main/java/org/jsoup/parser/HtmlTreeBuilderState.java
@@ -816,7 +816,8 @@ else if (!tb.onStack(formatEl)) {
                 // run-aways
                 final int stackSize = stack.size();
                 int bookmark = -1;
-                for (int si = 0; si < stackSize && si < 64; si++) {
+                for (int si = 1; si < stackSize && si < 64; si++) {
+                    // TODO: this no longer matches the current spec at https://html.spec.whatwg.org/#adoption-agency-algorithm and should be updated
                     el = stack.get(si);
                     if (el == formatEl) {
                         commonAncestor = stack.get(si - 1);
diff --git a/src/test/java/org/jsoup/parser/HtmlParserTest.java b/src/test/java/org/jsoup/parser/HtmlParserTest.java
index 35749059e5..696d876651 100644
--- a/src/test/java/org/jsoup/parser/HtmlParserTest.java
+++ b/src/test/java/org/jsoup/parser/HtmlParserTest.java
@@ -1433,6 +1433,7 @@ private boolean didAddElements(String input) {
     }
 
     @Test public void parseFragmentOnCreatedDocument() {
+        // https://github.com/jhy/jsoup/issues/1601
         String bareFragment = "<h2>text</h2>";
         List<Node> nodes = new Document("").parser().parseFragmentInput(bareFragment, new Element("p"), "");
         assertEquals(1, nodes.size());
@@ -1440,4 +1441,13 @@ private boolean didAddElements(String input) {
         assertEquals("h2", node.nodeName());
         assertEquals("<p><h2>text</h2></p>", node.parent().outerHtml());
     }
+
+    @Test public void nestedPFragments() {
+        // https://github.com/jhy/jsoup/issues/1602
+        String bareFragment = "<p></p><a></a>";
+        List<Node> nodes = new Document("").parser().parseFragmentInput(bareFragment, new Element("p"), "");
+        assertEquals(2, nodes.size());
+        Node node = nodes.get(0);
+        assertEquals("<p><p></p><a></a></p>", node.parent().outerHtml()); // mis-nested because fragment forced into the element, OK
+    }
 }