GitHub Issue

vmstate parser fails on Azure nested virtualization (Firecracker v1.12.0, AMD EPYC)

Discovered On Mar 21, 2026
Status: open
## Environment

- **Host**: Azure Standard_D8ads_v6 (AMD EPYC 9V74, 8 vCPU)
- **Host OS**: Ubuntu 24.04.4, Kernel 6.17.0-1008-azure
- **Nested virtualization**: KVM-in-Hyper-V (Azure)
- **Firecracker**: v1.12.0
- **ZeroBoot**: commit 99d86c8

## Problem

`zeroboot test-exec` and `zeroboot bench` fail with:

```
Error: cannot detect vmstate layout: IOAPIC base address 0xFEC00000 not found
```

Template creation (`zeroboot template`) succeeds normally — the issue is in `vmstate.rs::detect_offset_shift()` during snapshot restore.

## Root Cause

The `detect_offset_shift()` function assumes a single global shift between reference offsets and actual offsets in the vmstate file. In our environment, the vmstate has **two different shifts**:

- IOAPIC region: shift = +4 (from reference 0x0591 to actual 0x058d)
- CPU registers (LAPIC, EFER, XSAVE, etc.): shift = -764

This happens because Firecracker's versionize format has variable-length sections between IOAPIC and the CPU state block. The current code finds IOAPIC at the correct offset but then validates by checking EFER at `REF_EFER - shift`, which points to the wrong location (offset 0x2AF1 instead of actual 0x2DF1).

### Offset analysis

```
Field    Reference  Actual   Shift
IOAPIC   0x0591     0x058d   +4
LAPIC    0x2541     0x283d   -764
REGS     0x2955     0x2c51   -764
EFER     0x2AF5     0x2df1   -764
XCRS     0x2B75     0x2e71   -764
XSAVE    0x2D0D     0x3009   -764
```

#...
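As an added illustration (not ZeroBoot's or Firecracker's code), the snippet below reproduces the failure mode described in the report: a single shift derived from IOAPIC (+4) is applied to EFER and probes 0x2AF1, while locating each anchor independently yields +4 for IOAPIC and -764 for EFER. The IOAPIC marker is the 0xFEC00000 base address from the error message; the EFER marker bytes, the search windows and the buffer contents are constructed for this demo.

```rust
// Added example (not ZeroBoot's code): why one global shift between reference
// and actual vmstate offsets fails, and a per-field alternative.
// Reference/actual offsets come from the issue; the marker byte patterns used
// to recognise each field are constructed for this demo, not real vmstate data.
const IOAPIC_MARKER: [u8; 4] = 0xFEC0_0000u32.to_le_bytes(); // base address from the report
const EFER_MARKER: [u8; 4] = [0xAA, 0xBB, 0xCC, 0xDD];      // constructed stand-in

/// (name, reference offset, marker) for the fields we anchor on.
const FIELDS: [(&str, usize, [u8; 4]); 2] = [
    ("IOAPIC", 0x0591, IOAPIC_MARKER),
    ("EFER", 0x2AF5, EFER_MARKER),
];

/// Build a vmstate-like buffer with IOAPIC at 0x058d (shift +4) and EFER at
/// 0x2df1 (shift -764), matching the offset analysis in the issue.
pub fn constructed_vmstate() -> Vec<u8> {
    let mut buf = vec![0u8; 0x3400];
    buf[0x058d..0x0591].copy_from_slice(&IOAPIC_MARKER);
    buf[0x2df1..0x2df5].copy_from_slice(&EFER_MARKER);
    buf
}

/// Find `marker` within +/- `window` bytes of `reference`; return its actual offset.
fn locate(buf: &[u8], reference: usize, marker: &[u8; 4], window: usize) -> Option<usize> {
    let lo = reference.saturating_sub(window);
    let hi = (reference + window).min(buf.len() - marker.len());
    (lo..=hi).find(|&off| &buf[off..off + marker.len()] == marker)
}

/// Single-shift approach: derive one shift from IOAPIC, then check EFER at REF_EFER - shift.
/// Returns Err with the probed offset when the EFER marker is not there.
pub fn detect_single_shift(buf: &[u8]) -> Result<isize, usize> {
    let actual_ioapic = locate(buf, FIELDS[0].1, &FIELDS[0].2, 64).expect("IOAPIC not found");
    let shift = FIELDS[0].1 as isize - actual_ioapic as isize; // +4 in the report
    let probe = (FIELDS[1].1 as isize - shift) as usize;      // 0x2AF1, wrong location
    if buf[probe..probe + 4] == FIELDS[1].2 { Ok(shift) } else { Err(probe) }
}

/// Per-field approach: locate each anchor independently and report its own shift.
pub fn detect_per_field_shifts(buf: &[u8]) -> Option<Vec<(&'static str, isize)>> {
    FIELDS.iter().map(|(name, reference, marker)| {
        let actual = locate(buf, *reference, marker, 1024)?;
        Some((*name, *reference as isize - actual as isize))
    }).collect()
}

fn main() {
    let buf = constructed_vmstate();
    println!("single shift: {:?}", detect_single_shift(&buf));     // Err(0x2af1)
    println!("per field:    {:?}", detect_per_field_shifts(&buf)); // [("IOAPIC", 4), ("EFER", -764)]
}
```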