Btrfs: Fix use after free during compressed reads

Yan's fix to use the correct file offset during compressed reads used the
extent_map struct pointer after it had been freed.  This saves the
fields we want for later use instead.
Signed-off-by: Chris Mason <chris.mason@oracle.com>

fs/btrfs/compression.c

@@ -505,6 +505,8 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio,
 	struct block_device *bdev;
 	struct bio *comp_bio;
 	u64 cur_disk_byte = (u64)bio->bi_sector << 9;
+	u64 em_len;
+	u64 em_start;
 	struct extent_map *em;
 	int ret;
 
@@ -525,7 +527,10 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio,
 
 	cb->start = em->orig_start;
 	compressed_len = em->block_len;
+	em_len = em->len;
+	em_start = em->start;
 	free_extent_map(em);
+	em = NULL;
 
 	cb->len = uncompressed_len;
 	cb->compressed_len = compressed_len;
@@ -543,7 +548,7 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio,
 	}
 	cb->nr_pages = nr_pages;
 
-	add_ra_bio_pages(inode, em->start + em->len, cb);
+	add_ra_bio_pages(inode, em_start + em_len, cb);
 
 	if (!btrfs_test_opt(root, NODATASUM) &&
 	    !btrfs_test_flag(inode, NODATASUM)) {