diff --git a/rts/Linker.c b/rts/Linker.c
index d3f182233f57551a732db043cc9a4d32458e0eda..66fbf7907028a076c551fb78a05472eca05fa0a5 100644
--- a/rts/Linker.c
+++ b/rts/Linker.c
@@ -598,8 +598,27 @@ internal_dlopen(const char *dll_name)
    // (see POSIX also)
 
    ACQUIRE_LOCK(&dl_mutex);
+
+   // When dlopen() loads a profiled dynamic library, it calls the
+   // ctors which will call registerCcsList() to append the defined
+   // CostCentreStacks to CCS_LIST. This execution path starting from
+   // addDLL() was only protected by dl_mutex previously. However,
+   // another thread may be doing other things with the RTS linker
+   // that transitively calls refreshProfilingCCSs() which also
+   // accesses CCS_LIST, and those execution paths are protected by
+   // linker_mutex. So there's a risk of data race that may lead to
+   // segfaults (#24423), and we need to ensure the ctors are also
+   // protected by ccs_mutex.
+#if defined(PROFILING)
+   ACQUIRE_LOCK(&ccs_mutex);
+#endif
+
    hdl = dlopen(dll_name, RTLD_LAZY|RTLD_LOCAL); /* see Note [RTLD_LOCAL] */
 
+#if defined(PROFILING)
+   RELEASE_LOCK(&ccs_mutex);
+#endif
+
    errmsg = NULL;
    if (hdl == NULL) {
       /* dlopen failed; return a ptr to the error msg. */
diff --git a/rts/Profiling.c b/rts/Profiling.c
index b039facfbf60d86145e53805ac21e1f49c3a3696..2ba985434b165e7f45f4f53d266d65d2af92160a 100644
--- a/rts/Profiling.c
+++ b/rts/Profiling.c
@@ -59,7 +59,7 @@ CostCentre      *CC_LIST  = NULL;
 static CostCentreStack *CCS_LIST = NULL;
 
 #if defined(THREADED_RTS)
-static Mutex ccs_mutex;
+Mutex ccs_mutex;
 #endif
 
 /*
diff --git a/rts/Profiling.h b/rts/Profiling.h
index b3724c3c8812fe920a40af3d039b9186a9fca0c8..d91e2cc9c1beb9c71b65972ee67c64bed24d943d 100644
--- a/rts/Profiling.h
+++ b/rts/Profiling.h
@@ -55,6 +55,10 @@ extern Arena *prof_arena;
 void debugCCS( CostCentreStack *ccs );
 #endif
 
+#if defined(THREADED_RTS)
+extern Mutex ccs_mutex;
+#endif
+
 #endif
 
 #include "EndPrivate.h"