My understanding of the dangers of CSRF is that an attacker can take actions as an authenticated user. In the case of a login form, the attacker would need to know the user's login and password already.
Assuming the login route has no effect when accessed by a logged-in user, it would seem there's no problem in exempting the route from CSRF protection.
However, it's not uncommon for the login route to simply redirect the user to their dashboard. After hitting the route as the logged-in user, the server would ultimately respond by rendering the user's dashboard. Now the attacker has access to the user's dashboard, complete with a CSRF token and full access to act as the user.
If my understanding is correct, this is simply a very bad idea. If I'm wrong about any of this, I'd very much appreciate being corrected.