I noticed that when you layer packages in silverblue, some system users are added in /usr/etc/passwd (therefore end up in /etc/passwd as well) and some are added in /usr/lib/passwd.
I am not clear why there are two files for system users but what is problematic is that some users appear both in /usr/etc/passwd and /usr/lib/passwd but have different uids.
For example, in my system, qemu and toranon are defined both in /usr/etc/passwd and /usr/lib/passwd and have different uids.
grep -E "qemu|toranon" /usr/etc/passwd shows:
qemu:x:107:107:qemu user:/:/usr/sbin/nologin
toranon:x:963:963:Tor anonymizing user:/var/lib/tor:/sbin/nologin
grep -E "qemu|toranon" /usr/lib/passwd shows:
qemu:x:107:107:qemu user:/:/sbin/nologin
toranon:x:962:961:Tor anonymizing user:/var/lib/tor:/sbin/nologin
qemu has a consistent uid assignment but toranon does not. For now, I manually removed qemu and toranon from /etc/passwd.
Is this some bug that should be fixed upstream?