The issue at hand is that:

/etc/tcb/USER/shadow gets USER:auth ownership (OK);
/etc/tcb/USER/shadow- backup file is root:root (broken);
/etc/tcb/USER/shadow.lock file is also root:root (broken).

This is observed for all pseudousers created by package installation
process within working chroots as well as for users created by deflogin
feature; the problem is that e.g. echo USER:PASS | chpasswd will break.

Looks like the cuplrit might be fakeroot/faked.