Task dropped in wrong thread when aborting LocalSet task

[Darksonn]

When aborting a task with JoinHandle::abort, the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a LocalSet. See this example that exploits it to send a non-send value to a different thread:

use tokio::task::LocalSet;
use std::time::Duration;

struct PrintOnDrop {
    created_on: std::thread::ThreadId,
    marker: std::marker::PhantomData<*const ()>,
}

impl PrintOnDrop {
    fn new() -> Self {
        Self {
            created_on: std::thread::current().id(),
            marker: std::marker::PhantomData,
        }
    }
}
impl Drop for PrintOnDrop {
    fn drop(&mut self) {
        if std::thread::current().id() != self.created_on {
            println!("non-Send value dropped in another thread!");
        }
    }
}

#[tokio::main]
async fn main() {
    let ls = LocalSet::new();
    let pod = PrintOnDrop::new();
    let jh = ls.spawn_local(async move {
        std::future::pending::<()>().await;
        drop(pod);
    });
    
    std::thread::spawn(move || {
        std::thread::sleep(Duration::from_millis(10));
        jh.abort();
    });
    
    ls.await;
}

This can easily result in race conditions as many projects use Rc or RefCell in their Tokio tasks for better performance.

[Darksonn]

Note: I have some follow-up PRs to #3909 planned, which will fix this issue.

[Darksonn]

This was fixed in #3934. The fix has been backported to all minor releases that are at most 3 months old which includes 1.5 and newer.