EXT4 Gets Extra Protection Against Maliciously Crafted Container Images

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • EXT4 Gets Extra Protection Against Maliciously Crafted Container Images

    Phoronix: EXT4 Gets Extra Protection Against Maliciously Crafted Container Images

    Given the booming popularity of Linux containers, it's little surprise but unfortunate that Linux file-systems are having to protect against specially-crafted file-system images by malicious actors looking to exploit vulnerabilities in the code...

  • #2
    Any examples of what a malicious crafted image could do?


    • #3
      Originally posted by tessio
      Any examples of what a malicious crafted image could do?
      I would assume that they are intended to "crosslink" filesystems. When you store a filesystem image on your storage device you would expect that to be isolated from the filesystem it is hosted on. In other words it should not interfere with the host filesystem's structures.

      A filesystem image that is specially crafted might trick the host filesystem into thinking that it is part of the host filesystem structures itself, and then you have "extended" your filesystem with malicious content. In the worst case I can imagine that this could be used to transparently replace /sbin /usr or whatever with programs that act as backdoors into the system.

      XFS after kernel 3.0 or so I think has mechanisms to protect against this stuff. BTRFS has to protect against such things to even work (as far as I know) and I would assume that other relatively modern filesystems would know where their metadata blocks belong as well. That being said, I have no idea how Ext4 is tricked so this is all speculation. Please keep that in mind.

      http://www.dirtcellar.net


      • #4
        Originally posted by tessio
        Any examples of what a malicious crafted image could do?
        Perhaps exercise exploits in the ext4 filesystem driver to get root? Or maybe along the lines of what waxhead said, perhaps it could link into your host filesystem, which would allow malicious code in the container to infect the host.


        • #5
          Originally posted by coder
          Perhaps exercise exploits in the ext4 filesystem driver to get root? Or maybe along the lines of what waxhead said, perhaps it could link into your host filesystem, which would allow malicious code in the container to infect the host.
          It should not be able to "link" into a completely different block device. But any filesystem driver has at least some bugs. Ext4, touted as the most stable filesystem, had a lot of bugs with respect to containers that would just block the kernel access to the device. This was an ext4 bug triggered by certain memory use. Now allowing a container to have mounting privileges and letting it mount a specially crafted image is just waiting for an exploit to happen. Especially btrfs seems to me like a nice target.

          So for now only sane filesystems should be mounted by the host and handed over to the container. A container should not be able to do that. Or it should use a user space driver for that. A container could just run user-mode-linux to export the filesystem as an nfs network :-).

          I think to be able to make mounting rights less exploitable, filesystem drivers need a big change.
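Post #5 suggests keeping untrusted images away from the kernel driver and handling them in user space instead. As an added example (not code from the thread, the article, or the ext4 change it reports), the Python below checks an image's primary superblock for internal consistency before the host mounts it. It reads only the low 32 bits of the block count and assumes no bigalloc; `check_superblock` and `make_image` are hypothetical names, and `make_image` builds a constructed sample image.

```python
import struct

SB_OFFSET = 1024      # the primary superblock starts 1024 bytes into the image
EXT4_MAGIC = 0xEF53   # s_magic, little-endian u16 at superblock offset 0x38

def check_superblock(image: bytes) -> list:
    """Return the inconsistencies found in the primary superblock ([] if none)."""
    if len(image) < SB_OFFSET + 1024:
        return ["image too small to hold a superblock"]
    sb = image[SB_OFFSET:SB_OFFSET + 1024]
    inodes, blocks = struct.unpack_from("<II", sb, 0x00)
    first_data, log_bs = struct.unpack_from("<II", sb, 0x14)
    (blocks_per_group,) = struct.unpack_from("<I", sb, 0x20)
    (inodes_per_group,) = struct.unpack_from("<I", sb, 0x28)
    (magic,) = struct.unpack_from("<H", sb, 0x38)
    if magic != EXT4_MAGIC:
        return ["bad magic"]
    if log_bs > 6:                       # block size must be 1 KiB .. 64 KiB
        return ["implausible block size"]
    block_size = 1024 << log_bs
    problems = []
    if blocks == 0 or blocks * block_size > len(image):
        problems.append("block count is zero or exceeds image size")
    if first_data >= blocks:
        problems.append("first data block outside the filesystem")
    # One bitmap block tracks a group, so a group holds at most 8*block_size items.
    if not 0 < blocks_per_group <= 8 * block_size:
        problems.append("bad blocks-per-group")
    elif not 0 < inodes_per_group <= 8 * block_size:
        problems.append("bad inodes-per-group")
    else:
        groups = -(-(blocks - first_data) // blocks_per_group)   # ceiling division
        if inodes != groups * inodes_per_group:
            problems.append("inode count does not match group geometry")
    return problems

def make_image(**fields) -> bytes:
    """Constructed sample: a 1 MiB zero-filled image holding only a superblock."""
    f = dict(inodes=128, blocks=1024, first_data=1, log_bs=0,
             blocks_per_group=8192, inodes_per_group=128, magic=EXT4_MAGIC)
    f.update(fields)
    sb = bytearray(1024)
    struct.pack_into("<II", sb, 0x00, f["inodes"], f["blocks"])
    struct.pack_into("<II", sb, 0x14, f["first_data"], f["log_bs"])
    struct.pack_into("<I", sb, 0x20, f["blocks_per_group"])
    struct.pack_into("<I", sb, 0x28, f["inodes_per_group"])
    struct.pack_into("<H", sb, 0x38, f["magic"])
    return bytes(SB_OFFSET) + bytes(sb) + bytes(1024 * 1024 - 2048)
```

An empty result means only that these superblock fields agree with each other; the rest of the image's metadata is not examined.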
