diff --git a/lib/core/ogs-timer.c b/lib/core/ogs-timer.c
index 90c01c9db7..ba9219071d 100644
--- a/lib/core/ogs-timer.c
+++ b/lib/core/ogs-timer.c
@@ -94,7 +94,7 @@ ogs_timer_t *ogs_timer_add(
     memset(timer, 0, sizeof *timer);
     timer->cb = cb;
     timer->data = data;
-
+    timer->assigned = true;
     timer->manager = manager;
 
     return timer;
@@ -112,6 +112,13 @@ void ogs_timer_delete_debug(ogs_timer_t *timer, const char *file_line)
         ogs_assert_if_reached();
     }
 
+    // we can recover from double-free by just returning here
+    if (!timer->assigned) {
+        ogs_error("ogs_timer_delete double free");
+        return;
+    }
+    timer->assigned = false;
+
     ogs_timer_stop(timer);
 
     ogs_pool_free(&manager->pool, timer);
diff --git a/lib/core/ogs-timer.h b/lib/core/ogs-timer.h
index f38b208a31..53289c7ac1 100644
--- a/lib/core/ogs-timer.h
+++ b/lib/core/ogs-timer.h
@@ -39,6 +39,8 @@ typedef struct ogs_timer_s {
     ogs_timer_mgr_t *manager;
     bool running;
     ogs_time_t timeout;
+
+    bool assigned;
 } ogs_timer_t;
 
 ogs_timer_mgr_t *ogs_timer_mgr_create(unsigned int capacity);