diff --git a/README.md b/README.md
index 8482cd4..9b9c266 100644
--- a/README.md
+++ b/README.md
@@ -79,6 +79,15 @@ mkdir qemu/build && cd qemu/build && ../configure --target-list=x86_64-softmmu -
 cd scripts/create-image/ && ./create-image.sh && cd ../..
 ~~~
+Or if you prefer using docker to build your image:
+~~~
+cd scripts/create-image/
+docker build -t img .
+docker run -v "$(pwd)":/mnt --privileged --rm img
+~~~
+
+Notice that `privileged` is necessary because we want to use `/dev/loop*` inside docker.
+
 ### Step 4: Install uv
 ~~~
 pip install uv
diff --git a/scripts/create-image/Dockerfile b/scripts/create-image/Dockerfile
new file mode 100644
index 0000000..0a51c96
--- /dev/null
+++ b/scripts/create-image/Dockerfile
@@ -0,0 +1,36 @@
+FROM ubuntu:24.04 AS base
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+SHELL ["/bin/bash", "-c"]
+
+RUN <&2
+ exit 1
+}
+
+# Prevent execution if not sourced
+(return 0 2>/dev/null) || {
+ usage
+}
+
+if [ -z "$DIR" ] || [ "$(readlink -f "$DIR")" = / ]; then
+ usage
+fi
+
+# Set some defaults and enable promtless ssh to the machine for root.
+sudo sed -i '/^root/ { s/:x:/::/ }' $DIR/etc/passwd
+echo 'T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100' | sudo tee -a $DIR/etc/inittab
+mkdir -p $DIR/etc/network
+printf '\nauto eth0\niface eth0 inet dhcp\n' | sudo tee -a $DIR/etc/network/interfaces
+echo '/dev/root / ext4 defaults 0 0' | sudo tee -a $DIR/etc/fstab
+echo 'debugfs /sys/kernel/debug debugfs defaults 0 0' | sudo tee -a $DIR/etc/fstab
+#echo 'securityfs /sys/kernel/security securityfs defaults 0 0' | sudo tee -a $DIR/etc/fstab
+#echo 'configfs /sys/kernel/config/ configfs defaults 0 0' | sudo tee -a $DIR/etc/fstab
+echo 'binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc defaults 0 0' | sudo tee -a $DIR/etc/fstab
+echo "kernel.printk = 7 4 1 3" | sudo tee -a $DIR/etc/sysctl.conf
+echo 'debug.exception-trace = 0' | sudo tee -a $DIR/etc/sysctl.conf
+echo "net.core.bpf_jit_enable = 1" | sudo tee -a $DIR/etc/sysctl.conf
+echo "net.core.bpf_jit_kallsyms = 1" | sudo tee -a $DIR/etc/sysctl.conf
+echo "net.core.bpf_jit_harden = 0" | sudo tee -a $DIR/etc/sysctl.conf
+echo "kernel.softlockup_all_cpu_backtrace = 1" | sudo tee -a $DIR/etc/sysctl.conf
+echo "kernel.kptr_restrict = 0" | sudo tee -a $DIR/etc/sysctl.conf
+echo "kernel.watchdog_thresh = 60" | sudo tee -a $DIR/etc/sysctl.conf
+echo "net.ipv4.ping_group_range = 0 65535" | sudo tee -a $DIR/etc/sysctl.conf
+echo -en "127.0.0.1\tlocalhost\n" | sudo tee $DIR/etc/hosts
+echo "nameserver 8.8.8.8" | sudo tee -a $DIR/etc/resolve.conf
+echo "pwn" | sudo tee $DIR/etc/hostname
+
+# Add perf support
+if [ "$PERF" == "true" ]; then
+ cp -r $KERNEL $DIR/tmp/
+ sudo chroot $DIR /bin/bash -c "apt-get update; apt-get
install -y flex bison python-dev libelf-dev libunwind8-dev libaudit-dev libslang2-dev libperl-dev binutils-dev liblzma-dev libnuma-dev"
+ sudo chroot $DIR /bin/bash -c "cd /tmp/linux/tools/perf/; make"
+ sudo chroot $DIR /bin/bash -c "cp /tmp/linux/tools/perf/perf /usr/bin/"
+ rm -r $DIR/tmp/linux
+fi
+
+# create a default user called user
+echo "user::1000:1000:user:/home/user:/bin/bash" | sudo tee -a $DIR/etc/passwd
+echo "user:x:1000:" | sudo tee -a $DIR/etc/group
+sudo mkdir -p $DIR/home/user/.ssh
+sudo chown -R 1000:1000 $DIR/home/user
+
+# install python3
+sudo chroot $DIR /bin/bash -c "apt-get update"
+sudo chroot $DIR /bin/bash -c "apt-get install -y python3 && ln -s /usr/bin/python3 /usr/bin/python"
+
+# create ssh key and save it
+ssh-keygen -f $RELEASE.id_rsa -t rsa -N ''
+sudo mkdir -p $DIR/root/.ssh/
+cat $RELEASE.id_rsa.pub | sudo tee $DIR/root/.ssh/authorized_keys
+cat $RELEASE.id_rsa.pub | sudo tee $DIR/home/user/.ssh/authorized_keys
+sudo chown -R 1000:1000 $DIR/home/user
+
+# Build a disk image
+dd if=/dev/zero of=$RELEASE.img bs=1M seek=$SEEK count=1
+sudo mkfs.ext4 -F $RELEASE.img
+sudo mkdir -p /fs/$DIR /mnt
+sudo mount -o loop $RELEASE.img /fs/$DIR
+sudo cp -a $DIR/. /fs/$DIR/.
+sudo umount /fs/$DIR
+
+if [ "$IN_DOCKER" = true ]; then
+ cp $RELEASE.* /mnt
+fi
diff --git a/scripts/create-image/create-image.sh b/scripts/create-image/create-image.sh
index e585af1..e504684 100755
--- a/scripts/create-image/create-image.sh
+++ b/scripts/create-image/create-image.sh
@@ -20,6 +20,7 @@ RELEASE=trixie
 FEATURE=minimal
 SEEK=2047
 PERF=false
+IN_DOCKER=false
 # Display help
 function display_help() {
@@ -77,66 +78,10 @@ if [ $PERF = "true" ] && [ -z ${KERNEL+x} ]; then
 fi
 # If full feature is chosen, install more packages
-if [ $FEATURE = "full" ]; then
+if [ "$FEATURE" = "full" ]; then
 PREINSTALL_PKGS=$PREINSTALL_PKGS","$ADD_PACKAGE
 fi
-sudo rm -rf $DIR
-mkdir -p $DIR
-sudo debootstrap --include=$PREINSTALL_PKGS $RELEASE $DIR
+source ./debootstrap.sh
+source ./configure.sh
-# Set some defaults and enable promtless ssh to the machine for root.
-sudo sed -i '/^root/ { s/:x:/::/ }' $DIR/etc/passwd
-echo 'T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100' | sudo tee -a $DIR/etc/inittab
-printf '\nauto eth0\niface eth0 inet dhcp\n' | sudo tee -a $DIR/etc/network/interfaces
-echo '/dev/root / ext4 defaults 0 0' | sudo tee -a $DIR/etc/fstab
-echo 'debugfs /sys/kernel/debug debugfs defaults 0 0' | sudo tee -a $DIR/etc/fstab
-#echo 'securityfs /sys/kernel/security securityfs defaults 0 0' | sudo tee -a $DIR/etc/fstab
-#echo 'configfs /sys/kernel/config/ configfs defaults 0 0' | sudo tee -a $DIR/etc/fstab
-echo 'binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc defaults 0 0' | sudo tee -a $DIR/etc/fstab
-echo "kernel.printk = 7 4 1 3" | sudo tee -a $DIR/etc/sysctl.conf
-echo 'debug.exception-trace = 0' | sudo tee -a $DIR/etc/sysctl.conf
-echo "net.core.bpf_jit_enable = 1" | sudo tee -a $DIR/etc/sysctl.conf
-echo "net.core.bpf_jit_kallsyms = 1" | sudo tee -a $DIR/etc/sysctl.conf
-echo "net.core.bpf_jit_harden = 0" | sudo tee -a $DIR/etc/sysctl.conf
-echo "kernel.softlockup_all_cpu_backtrace = 1" | sudo tee -a $DIR/etc/sysctl.conf
-echo "kernel.kptr_restrict = 0" | sudo tee -a $DIR/etc/sysctl.conf
-echo "kernel.watchdog_thresh = 60" | sudo tee -a $DIR/etc/sysctl.conf
-echo "net.ipv4.ping_group_range = 0 65535" | sudo tee -a $DIR/etc/sysctl.conf
-echo -en "127.0.0.1\tlocalhost\n" | sudo tee $DIR/etc/hosts
-echo "nameserver 8.8.8.8" | sudo tee -a $DIR/etc/resolve.conf
-echo "pwn" | sudo tee $DIR/etc/hostname
-
-# Add perf support
-if [ $PERF = "true" ]; then
- cp -r $KERNEL
$DIR/tmp/
- sudo chroot $DIR /bin/bash -c "apt-get update; apt-get install -y flex bison python-dev libelf-dev libunwind8-dev libaudit-dev libslang2-dev libperl-dev binutils-dev liblzma-dev libnuma-dev"
- sudo chroot $DIR /bin/bash -c "cd /tmp/linux/tools/perf/; make"
- sudo chroot $DIR /bin/bash -c "cp /tmp/linux/tools/perf/perf /usr/bin/"
- rm -r $DIR/tmp/linux
-fi
-
-# create a default user called user
-echo "user::1000:1000:user:/home/user:/bin/bash" | sudo tee -a $DIR/etc/passwd
-echo "user:x:1000:" | sudo tee -a $DIR/etc/group
-sudo mkdir -p $DIR/home/user/.ssh
-sudo chown -R 1000:1000 $DIR/home/user
-
-# install python3
-sudo chroot $DIR /bin/bash -c "apt-get update"
-sudo chroot $DIR /bin/bash -c "apt-get install -y python3 && ln -s /usr/bin/python3 /usr/bin/python"
-
-# create ssh key and save it
-ssh-keygen -f $RELEASE.id_rsa -t rsa -N ''
-sudo mkdir -p $DIR/root/.ssh/
-cat $RELEASE.id_rsa.pub | sudo tee $DIR/root/.ssh/authorized_keys
-cat $RELEASE.id_rsa.pub | sudo tee $DIR/home/user/.ssh/authorized_keys
-sudo chown -R 1000:1000 $DIR/home/user
-
-# Build a disk image
-dd if=/dev/zero of=$RELEASE.img bs=1M seek=$SEEK count=1
-sudo mkfs.ext4 -F $RELEASE.img
-sudo mkdir -p /mnt/$DIR
-sudo mount -o loop $RELEASE.img /mnt/$DIR
-sudo cp -a $DIR/. /mnt/$DIR/.
-sudo umount /mnt/$DIR
diff --git a/scripts/create-image/debootstrap.sh b/scripts/create-image/debootstrap.sh
new file mode 100644
index 0000000..fb6f945
--- /dev/null
+++ b/scripts/create-image/debootstrap.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+# Copyright 2025 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+sudo rm -rf $DIR
+mkdir -p $DIR
+
+if ! \
+ sudo debootstrap --include=$PREINSTALL_PKGS $RELEASE $DIR; \
+then
+ sudo debootstrap --no-check-gpg --include=$PREINSTALL_PKGS $RELEASE $DIR \
+ http://archive.debian.org/debian
+fi
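Review bot: `source ./debootstrap.sh` and `source ./configure.sh` resolve against the caller's working directory rather than the script's own location, so create-image.sh now only works when started from scripts/create-image/, and started from anywhere else it would source whatever files of those names sit in the current directory, which then go on to call sudo. Resolving both from the script's directory removes that dependency: `script_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)` followed by `source "$script_dir/debootstrap.sh"` and `source "$script_dir/configure.sh"`. The hunk sits in the middle of the script's top-level flow, so whether an earlier `cd` already pins the directory is not visible here.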
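Review bot: The fallback branch retries with `--no-check-gpg` against `http://archive.debian.org/debian` after any failure of the first `debootstrap`, so a transient network or mirror error is enough to build the image from packages whose Release signature was never verified, fetched over plain HTTP. Verification can stay on for the archive path by passing a keyring instead of disabling the check, e.g. `--keyring=/usr/share/keyrings/debian-archive-removed-keys.gpg` (shipped by debian-archive-keyring; confirm the path and that it covers the releases you need), and the fallback is better limited to releases known to have moved to the archive. Separately, `sudo rm -rf $DIR` runs before the `-z "$DIR"` / `readlink -f` guard that configure.sh applies and leaves `$DIR` unquoted; `sudo rm -rf -- "${DIR:?}"` would fail closed on an empty value.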