https://github.com/libvirt/libvirt/commit/d9c087f57d3f06f1636711921a4a575a1070f799
What effect does the tss user and group not being present have on libvirt on your system?

Well, at least it prints this error. As I said I don't know what this user/group is supposed to do. But if the non-existence of the user is not an error but only an inconvenience then it should only log an INFO or WARN but not an ERROR.

libvirt 4.9.0 is in testing. Please install it and verify if your bug still exists

The package hasn't yet appeared on the mirrors I use ( under $BASEURL/testing/os/x86_64/ ). Can you point me to a location where I can get it manually?

The package would be in community-testing not testing.
https://www.archlinux.org/packages/community-testing/x86_64/libvirt/download/ although I would suggest enabling both testing and community-testing and pulling all updated packages is preferable.

Sorry, my bad.

I was going to cherry pick the necessary packages as I don't want to run my system on testing. It seems that libvirt-4.9.0-1-x86_64.pkg.tar.xz has no dependencies to other packages in community-testing so this is the only one I installed.

After restarting libvirtd I can see the error message has changed a bit but is still present:

Nov 11 10:25:58 t400 libvirtd[2691]: 2711: info : libvirt version: 4.9.0
Nov 11 10:25:58 t400 libvirtd[2691]: 2711: info : hostname: t400
Nov 11 10:25:58 t400 libvirtd[2691]: 2711: error : virGetUserID:1041 : invalid argument: Failed to parse user 'tss'
Nov 11 10:25:58 t400 libvirtd[2691]: libvirt version: 4.9.0
Nov 11 10:25:58 t400 libvirtd[2691]: hostname: t400
Nov 11 10:25:58 t400 libvirtd[2691]: invalid argument: Failed to parse user 'tss'

For comparison the log before the update:

Nov 11 10:21:32 t400 libvirtd[1122]: 1198: info : libvirt version: 4.8.0
Nov 11 10:21:32 t400 libvirtd[1122]: 1198: info : hostname: t400
Nov 11 10:21:32 t400 libvirtd[1122]: libvirt version: 4.8.0
Nov 11 10:21:32 t400 libvirtd[1122]: 1198: error : virGetUserID:1042 : invalid argument: Failed to parse user 'tss'
Nov 11 10:21:32 t400 libvirtd[1122]: hostname: t400
Nov 11 10:21:32 t400 libvirtd[1122]: invalid argument: Failed to parse user 'tss'
Nov 11 10:21:32 t400 libvirtd[1122]: 1198: error : virGetGroupID:1125 : invalid argument: Failed to parse group 'tss'
Nov 11 10:21:32 t400 libvirtd[1122]: invalid argument: Failed to parse group 'tss'

Thanks.

/etc/libvirt/qemu.conf:
# User for the swtpm TPM Emulator
#
# Default is 'tss'; this is the same user that tcsd (TrouSerS) installs
# and uses; alternative is 'root'
#
#swtpm_user = "tss"
#swtpm_group = "tss"

I think you need to either create a tss user or just set another one.
Btw this is something which should be done by package maintainers.

Sorry, I'm bad at reading between the lines…

Are you saying this is the wrong place for this and I should open a bug upstream? I thought I could reach the Arch package maintainer with this ticket.

I totally agree that this is something the package maintainer should/could. I don't agree that I should create a separate user just to silence an error that shouldn't be an error (at least if want to help the community).

libvirt 4.9.0-1 add a snippet to usr/lib/sysusers.d/libvirt.conf to create the tss group without a matching tss user.
After the user and group tss exist please check libvirt can still use the software TPM.

Well, if libvirt 4.9.0-1 creates a tss group without matching user than this is the explanation why "invalid argument: Failed to parse user 'tss'" is still printed. Which means that 4.9.0-1 should also create the user, don't you think?

As I have never (consciously) used a TPM before (neither software nor hardware) I have no idea how I should test that.

I think this commit https://github.com/libvirt/libvirt/commit/b907fd75fa826a8285dc33fcf6117c7833e2853b instead of silencing a warning when the tss user / group does not exist causes an error to be produced instead.
Edit:
What upstream describes as a warning is the error message. From the commit message the message is harmless but should not be produced but the commit does not achieve that.
I would class this as an upstream issue.
Edit2:
if (virDoesUserExist(&cfg->swtpm_user) != 0)
cfg->swtpm_user = 0; /* fall back to root */
if (virDoesGroupExist(&cfg->swtpm_group) != 0)
cfg->swtpm_group = 0; /* fall back to root */
I think something like the above should silence the message although still printing a message when the value is not set to the default tss and does not exist might be appropriate but that would be for upstream.

Replacing two ors with ands. With that change the messages are no longer generated without the tss user or group present.
In such a case the root user and group will be used unless overridden in qemu.conf which is the original behavior.
If the tss user or group does exist it will be used unless overridden in qemu.conf which is the original behavior.
If a swtpm_user or swtpm_group is defined in /etc/libvirt/qemu.conf and does not exist that will still generate the message no change in behavior.

Invert test result so that root is used when the user/group does not exist or name to id mapping fails then fallback to using root.
In the previous version if tss user/group existed and the id mapping succeeded then the fallback would be used.

Proposed upstream fix https://www.redhat.com/archives/libvir-list/2018-November/msg00722.html

Upstream fix https://github.com/libvirt/libvirt/commit/615106fb10f0f8df6fb2c361b1349bdb7dd5a942

Upstream fix is contained in v4.10.0