- Client-go: fixed potential data races retrying requests using a custom `io.Reader` body; with this fix, only requests with no body or with `string` / `[]byte` / `runtime.Object` bodies can be retried ([#113933](https://github.com/kubernetes/kubernetes/pull/113933), [@liggitt](https://...

    * The vSphere cloud provider has a cleanup function with a loop,
    * inside of which a write lock was intended to prevent races against
    * VM creation, but the usage of the sync.RWMutex type is incorrect,
    * plus is placed in a defer call so the locking is effectively
    * nonexistent.  This patch adds an anonymous function call inside

- DRA: when scheduling many pods very rapidly, sometimes the same device was allocated twice for different ResourceClaims due races between data processing in different goroutines. Depending on whether DRA drivers check for this during NodePrepareResources (they should, but maybe not all implement this properly), the second pod using the same device then failed to start until the...

* AWS: Remove duplicate calls to DescribeInstance during volume operations ([#39842](https://github.com/kubernetes/kubernetes/pull/39842), [@gnufied](https://github.com/gnufied))
* Caching added to the OIDC client auth plugin to fix races and reduce the time kubectl commands using this plugin take by several seconds. ([#38167](https://github.com/kubernetes/kubernetes/pull/38167), [@ericchiang](https://github.com/ericchiang))

    * faster handoff when a leader-elected process is gracefully terminated.
* Make volume binder resilient to races between main schedule loop and async binding operation  ([#72045](https://github.com/kubernetes/kubernetes/pull/72045), [@cofyc](https://github.com/cofyc))

	// generate a random bucket name.
	bucketName := getRandomBucketName()
	// Block 1: Testing for racy access
	// The assertion is removed from this block since the purpose of this block is to find races
	// The purpose this block is not to check for correctness of functionality
	// Run the test with -race flag to utilize this
	var wg sync.WaitGroup
	for range testConcurrencyLevel {
		wg.Add(1)
		go func() {

### Bug or Regression

* Move private key parsing from serviceaccount/jwt.go to client-go/util/cert ([#40907](https://github.com/kubernetes/kubernetes/pull/40907), [@cblecker](https://github.com/cblecker))
* Caching added to the OIDC client auth plugin to fix races and reduce the time kubectl commands using this plugin take by several seconds. ([#38167](https://github.com/kubernetes/kubernetes/pull/38167), [@ericchiang](https://github.com/ericchiang))

    * The vSphere cloud provider has a cleanup function with a loop,
    * inside of which a write lock was intended to prevent races against
    * VM creation, but the usage of the sync.RWMutex type is incorrect,
    * plus is placed in a defer call so the locking is effectively
    * nonexistent.  This patch adds an anonymous function call inside

### Bug or Regression

- Fix data race in kube-scheduler when preemption races with a Pod update. ([#116439](https://github.com/kubernetes/kubernetes/pull/116439), [@alculquicondor](https://github.com/alculquicondor)) [SIG Scheduling]