net: tcp: check for SOCK_DEAD again in tcp_nuke_addr

Liping Zhang spotted a race between tcp_nuke_addr and tcp_close
that can cause a crash. If a userspace process calls tcp_close
on a socket at the same time that tcp_nuke_addr is closing it,
and tcp_close wins the race to call lock_sock, it will call
sock_orphan before releasing the lock. sock_orphan sets the
SOCK_DEAD flag on the socket and proceeds to close it, eventually
calling inet_csk_destroy_sock. When tcp_nuke_addr gets the socket
lock, it calls tcp_done. But if tcp_done sees the SOCK_DEAD flag,
it calls inet_csk_destroy_sock as well, resulting in a double
free.

Fix this by checking for SOCK_DEAD again after lock_sock
succeeds. Eric had already pointed out that this could be a
problem in b/23663111, so there was already a TODO in the code
for this.

Change-Id: I0c87c3fd0598384d957b69734366bd4e2fd7e8d7