I asked the same question on SOF but was told this is the more appropriate place. There's a very weird problem with the system time on one of my Linux machines: the system time keeps being changed to 40 seconds ahead of my local time automatically by something. No matter what time I reset, it'll be changed a couple of seconds later, as you can see from the following output:
[root@node ~]# date; date -s "2018-01-23 14:06:40";sleep 5;date
Tue Jan 23 14:07:21 CST 2018
Tue Jan 23 14:06:40 CST 2018
Tue Jan 23 14:07:26 CST 2018
The ntpd service is stopped, and there's no cron job running to change the system time. I tried to add audit rules to trace the time change event, but nothing was recorded. Audit rules appended to /etc/audit/audit.rules:
-a always,exit -F arch=b64 -S clock_adjtime -S adjtimex -S time -S timer_settime -S settimeofday -S clock_settime -k time_change
-w /etc/localtime -p rxwa -k access_localtime
-w /etc/adjtime -p rxwa -k access_adjtime
After service auditd restart, I can see time change logs in /var/log/audit/audit.log, produced either by ntpdate time.windows.com:
[root@node ~]# ntpdate time.windows.com
23 Jan 13:08:24 ntpdate[14584]: step time server 52.178.161.41 offset -61.612892 sec
Logs of the above command:
type=SYSCALL msg=audit(1516684164.838:3093): arch=c000003e syscall=223 success=yes exit=0 a0=0 a1=0 a2=7fff507e2600 a3=0 items=0 ppid=14397 pid=14584 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=47 comm="ntpdate" exe="/usr/sbin/ntpdate" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="time_change"
type=SYSCALL msg=audit(1516684166.521:3094): arch=c000003e syscall=227 success=yes exit=0 a0=0 a1=7fff507e2110 a2=0 a3=0 items=0 ppid=14397 pid=14584 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=47 comm="ntpdate" exe="/usr/sbin/ntpdate" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="time_change"
or by date -s <date-time>:
[root@node ~]# date -s "2018-01-23 13:12:30"
Tue Jan 23 13:12:30 CST 2018
Logs of the above command:
type=SYSCALL msg=audit(1516684402.125:3110): arch=c000003e syscall=227 success=yes exit=0 a0=0 a1=7fff55d0ced0 a2=0 a3=112e0be826d694b3 items=0 ppid=14397 pid=14626 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=47 comm="date" exe="/bin/date" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="time_change"
But the time will be changed again very soon without any useful audit logs. BTW, this is a virtual machine managed by Hyper-V on a blade server, but there's no such problem on the other VMs on the same blade server.
OS environment info:
[root@node ~]# uname -a
Linux node 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@node ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)
Could anyone give me any clues about why this is happening? Thanks a lot :-)
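
The audit records quoted in the question can be decoded to see which of them actually set the clock. The following is an added example, not part of the original post: the syscall-number table assumes x86_64 (arch=c000003e), the sample lines are the post's records with the uid/gid/tty/subj fields dropped, and the function names are illustrative.

```python
import re

# x86_64 (arch=c000003e) numbers for the syscalls named in the audit rule.
SYSCALLS = {159: "adjtimex", 164: "settimeofday", 201: "time",
            223: "timer_settime", 227: "clock_settime", 305: "clock_adjtime"}
# Calls that can modify the system clock. time() only reads it and
# timer_settime() arms a per-process timer, so they are noise for this rule.
CLOCK_WRITERS = {"adjtimex", "settimeofday", "clock_settime", "clock_adjtime"}
CLOCK_IDS = {0: "CLOCK_REALTIME", 1: "CLOCK_MONOTONIC"}

STAMP = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Records from the post, shortened: uid/gid/tty/subj fields dropped.
SAMPLE = [
    'type=SYSCALL msg=audit(1516684164.838:3093): arch=c000003e syscall=223 '
    'success=yes exit=0 a0=0 a1=0 a2=7fff507e2600 a3=0 pid=14584 '
    'comm="ntpdate" exe="/usr/sbin/ntpdate" key="time_change"',
    'type=SYSCALL msg=audit(1516684166.521:3094): arch=c000003e syscall=227 '
    'success=yes exit=0 a0=0 a1=7fff507e2110 a2=0 a3=0 pid=14584 '
    'comm="ntpdate" exe="/usr/sbin/ntpdate" key="time_change"',
    'type=SYSCALL msg=audit(1516684402.125:3110): arch=c000003e syscall=227 '
    'success=yes exit=0 a0=0 a1=7fff55d0ced0 a2=0 a3=112e0be826d694b3 '
    'pid=14626 comm="date" exe="/bin/date" key="time_change"',
]

def decode(line):
    """Return a dict for one type=SYSCALL record, or None for other lines."""
    stamp = STAMP.search(line)
    if not line.startswith("type=SYSCALL") or not stamp:
        return None
    f = {k: v.strip('"') for k, v in FIELD.findall(line)}
    name = SYSCALLS.get(int(f["syscall"]), "syscall_%s" % f["syscall"])
    rec = {"epoch": float(stamp.group(1)), "serial": int(stamp.group(2)),
           "pid": int(f["pid"]), "exe": f["exe"], "syscall": name,
           "sets_clock": name in CLOCK_WRITERS, "clock": None}
    if name == "clock_settime":          # a0 is the clock id, logged in hex
        cid = int(f["a0"], 16)
        rec["clock"] = CLOCK_IDS.get(cid, str(cid))
    return rec

def clock_writers(lines):
    """Keep only the records whose syscall can change the system clock."""
    recs = (decode(l) for l in lines)
    return [r for r in recs if r and r["sets_clock"]]

if __name__ == "__main__":
    for r in clock_writers(SAMPLE):
        print(r["serial"], r["exe"], r["syscall"], r["clock"])
```

On these records, event 3093 from ntpdate decodes to timer_settime and is filtered out, while 3094 and 3110 are clock_settime calls on CLOCK_REALTIME.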