neighbor: gc_list changes should be protected by table lock

Adding and removing neighbor entries to / from the gc_list need to be
done while holding the table lock; a couple of places were missed in the
original patch.

Move the list_add_tail in neigh_alloc to ___neigh_create where the lock
is already obtained. Since neighbor entries should rarely be moved
to/from PERMANENT state, add lock/unlock around the gc_list changes in
neigh_change_state rather than extending the lock hold around all
neighbor updates.

Fixes: 58956317 ("neighbor: Improve garbage collection")
Reported-by: Andrei Vagin <avagin@gmail.com>
Reported-by:  <syzbot+6cc2fd1d3bdd2e007363@syzkaller.appspotmail.com>
Reported-by:  <syzbot+35e87b87c00f386b041f@syzkaller.appspotmail.com>
Reported-by:  <syzbot+b354d1fb59091ea73c37@syzkaller.appspotmail.com>
Reported-by:  <syzbot+3ddead5619658537909b@syzkaller.appspotmail.com>
Reported-by:  <syzbot+424d47d5c456ce8b2bbe@syzkaller.appspotmail.com>
Reported-by:  <syzbot+e4d42eb35f6a27b0a628@syzkaller.appspotmail.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>