Score:0

Why am I failing SPF only in my Google DMARC report?

Curious as to why my Google DMARC is coming back with a fail under SPF. Here is the report:

<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <report_metadata>
    <org_name>google.com</org_name>
    <email>[email protected]</email>
    <extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info>
    <report_id>3863390516803564136</report_id>
    <date_range>
      <begin>1636848000</begin>
      <end>1636934399</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>bXXXXXXXXs.XXXX</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>none</p>
    <sp>none</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>209.85.XXX.XX</source_ip>
      <count>38</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>bXXXXXXXXs.XXXX</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>bXXXXXXXXs.XXXX</domain>
        <result>pass</result>
        <selector>google</selector>
      </dkim>
      <spf>
        <domain>bXXXXXXXXs.XXXX</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>209.85.XXX.XX</source_ip>
      <count>7</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>bXXXXXXXXs.XXXX</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>bXXXXXXXXs.XXXX</domain>
        <result>pass</result>
        <selector>google</selector>
      </dkim>
      <spf>
        <domain>2XXXXXe.com</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>

Here are my relevant settings:

_dmarc: v=DMARC1; p=none; rua=mailto:[email protected]; sp=none

v=spf1 include:_spf.google.com ~all

It may be worth noting that this only happens in the reports from Google, and none of the other email providers. Also, the emails sent to "2XXXXXe.com" are reports regularly sent from my online store to myself (out of stock alerts, etc.).

TIA.

Score:0
anx

DMARC rules only use SPF results of aligned domains. While subdomains could be allowed, for your messages sent with an entirely distinct envelope sender domain, recipients are unable to use DMARC to tell that those messages are authorized by you.

It is easier to read DMARC records if you view the tables as actual tables (hint: XSLT templates and even commercial collection & processing services exist):

| record in XML file | header from | envelope sender domain | SPF passing and aligned |
|---|---|---|---|
| 1 | bXXXXXXXXs.XXXX | bXXXXXXXXs.XXXX | pass |
| 2 | bXXXXXXXXs.XXXX | 2XXXXXe.com | fail |

Your second record has two different domains. Check the program sending these, maybe in fact you wanted these to have matching envelope sender and header from domains.

> this only happens in the reports from Google, and none of the other email providers

If the only DMARC report sending party you send such messages to is Google, then the fact that you are only receiving reports about these from Google just means that nobody else is seeing them (not that there is anything special about how Google treats your messages).
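The alignment check described in the answer above, as an added example that is not part of the original post: it reads an aggregate report and shows, per record, the raw SPF result next to the DMARC SPF result after alignment with the header-from domain. The report, its domains and IP addresses are constructed placeholders, and `org_domain` approximates the organizational domain with the last two labels (an assumption; real evaluators use the Public Suffix List).

```python
import xml.etree.ElementTree as ET

# Constructed report mirroring the structure in the question; all values are placeholders.
SAMPLE = """<feedback>
  <policy_published><domain>shop.example</domain><aspf>r</aspf></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>38</count>
      <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>shop.example</header_from></identifiers>
    <auth_results><spf><domain>shop.example</domain><result>pass</result></spf></auth_results>
  </record>
  <record>
    <row><source_ip>192.0.2.11</source_ip><count>7</count>
      <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>shop.example</header_from></identifiers>
    <auth_results><spf><domain>mailer.example</domain><result>pass</result></spf></auth_results>
  </record>
</feedback>"""

def org_domain(name):
    # Assumption: the last two labels approximate the organizational domain.
    # Real evaluators use the Public Suffix List (matters for e.g. co.uk).
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def aligned(header_from, spf_domain, mode):
    if mode == "s":  # strict: the two domains must match exactly
        return header_from.lower() == spf_domain.lower()
    return org_domain(header_from) == org_domain(spf_domain)  # relaxed

def explain(report_xml):
    root = ET.fromstring(report_xml)
    mode = root.findtext("policy_published/aspf", default="r")
    rows = []
    for rec in root.iter("record"):
        hf = rec.findtext("identifiers/header_from")
        for spf in rec.iterfind("auth_results/spf"):
            dom, raw = spf.findtext("domain"), spf.findtext("result")
            # DMARC counts SPF only when it passes AND the domain is aligned.
            ok = raw == "pass" and aligned(hf, dom, mode)
            rows.append({"count": int(rec.findtext("row/count")), "header_from": hf,
                         "spf_domain": dom, "raw_spf": raw,
                         "dmarc_spf": "pass" if ok else "fail",
                         "reported": rec.findtext("row/policy_evaluated/spf")})
    return rows

if __name__ == "__main__":
    for r in explain(SAMPLE):
        print(r)
```
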
