unix: Fix a use-after-free in unp_drop()

We need to load the socket pointer after locking the PCB, otherwise
the socket may have been detached and freed by the time that unp_drop()
sets so_error.

This previously went unnoticed as the socket zone was _NOFREE.

Reported by: pho

(cherry picked from commit 50b07c1f7131fd535bbe1b53a3a2e4dfcdcc2e51)