Gmail DMARC/DKIM/SPF results vs. DMARC reports

Question

I recently noticed a discrepancy between Gmail's DMARC/DKIM/SPF results for messages sent via my mailserver as represented in the mail headers –

ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass [email protected] header.s=s42 header.b=TWJ2lYx3;
       spf=pass (google.com: domain of [email protected] designates 000.000.000.000 as permitted sender) [email protected];
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=domain.com
Return-Path: <[email protected]>
Received: from mail.domain.com (mail.domain.com. [000.000.000.000])
        by mx.google.com with ESMTPS id v16-20020a5d6110000000b00314105346a6si1394751wrt.420.2023.07.06.12.09.26
        for <[email protected]>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 06 Jul 2023 12:09:26 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 000.000.000.000 as permitted sender) client-ip=000.000.000.000;
Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=s42 header.b=TWJ2lYx3;
       spf=pass (google.com: domain of [email protected] designates 000.000.000.000 as permitted sender) [email protected];
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=domain.com

– and Google's DMARC report, which contains a fail result for the same messages:

<feedback>
  <report_metadata>
    <org_name>google.com</org_name>
    <email>[email protected]</email>
    <extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info>
    <report_id>1502902575606731331</report_id>
    <date_range>
      <begin>1688515200</begin>
      <end>1688601599</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>domain.com</domain>
    <adkim>s</adkim>
    <aspf>r</aspf>
    <p>quarantine</p>
    <sp>quarantine</sp>
    <pct>75</pct>
    <np>quarantine</np>
  </policy_published>
  <record>
    <row>
      <source_ip>000.000.000.000</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>quarantine</disposition>
        <dkim>fail</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>mail.domain.com</header_from>
    </identifiers>
    <auth_results>
      <spf>
        <domain>mail.domain.com</domain>
        <result>none</result>
      </spf>
    </auth_results>
  </record>
</feedback>

A couple of months ago, Google's reports listed pass results (and Microsoft's reports still do).

I found a similar question, but the response pointing to misaligned domains does not apply here, as the domains are properly aligned for my relaxed DMARC policy (s. snippets above with domain.com and mail.doman.com as placeholders for my actual domains). What's more, the DMARC result is different in the message header and the report, too.