Fix bug in the api/step_io message writing logic.

If the write_labelled_message() returned -1 in _file_write(), the
info->out_msg was not NULLed out thus in subsequent calls to _file_write()
the same info->out_msg pointer could be enqueued again to the list.

Besides the incorrect behavior of enqueing the same message more than once,
api/step_io consuming clients like srun or sattach would eventually call
client_io_handler_destroy(), which in turn would FREE_NULL_LIST() the
free_outgoing list. The list destructor would free the pointer which was
enqueued twice in the first occurrence, and in the next the process would
segfault.

Bug 13418

NEWS

@@ -45,6 +45,9 @@ documents those changes that are of interest to users and administrators.
  -- slurm.spec - explicitly disable Link Time Optimization (LTO) to avoid
     linking errors on systems where LTO-related RPM macros are enabled by
     default and the binutils version has a bug.
+ -- Fix issue in the api/step_io message writing logic leading to incorrect
+    behavior in API consuming clients like srun or sattach, including a segfault
+    when freeing IO buffers holding traffic from the tasks to the client.
 * Changes in Slurm 22.05.2
 ==========================

src/api/step_io.c

@@ -603,6 +603,7 @@ static int _file_write(eio_obj_t *obj, List objs)
 					        info->cio->label,
 					        info->cio->taskid_width)) < 0) {
 			list_enqueue(info->cio->free_outgoing, info->out_msg);
+			info->out_msg = NULL;
 			info->eof = true;
 			return SLURM_ERROR;
 		}