systemd version the issue has been seen with

v240

Used distribution

Debian sid.
Filed originally as downstream bug report https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918190

After the update to v240, where DynamicUser=true has been turned off for systemd-timesyncd.service, the daemon fails updating the stamp file /var/lib/private/systemd/timesync/clock

# ls -ld /var/lib/systemd/timesync
lrwxrwxrwx 1 root root 27 Dez 17  2017 /var/lib/systemd/timesync -> ../private/systemd/timesync

# ls -ld /var/lib/private/systemd/timesync
drwxr-xr-x 2 systemd-timesync systemd-timesync 4096 Dez 17  2017 /var/lib/private/systemd/timesync

So the state directory is writable by the systemd-timesync user, but not accessible as /var/lib/private is 0700 root:root.
Adding Environment=SYSTEMD_LOG_LEVEL=debug to systemd-timesyncd.service yields

Jan 04 12:35:00 pluto systemd-timesyncd[7011]: Failed to create state directory, ignoring: Permission denied

I can work around that in the Debian package by removing the /var/lib/systemd/timesync symlink in our maintainer scripts and let it be recreated as real directory.
That said, this issue will possibly affect other distros as well, so I wanted to raise it upstream. Maybe there is a better solution.