
Why can't root bypass permissions in an ID-mapped mount?

3 votes
0 answers
164 views
Why does global root (root in the initial user namespace) not have the ability to read all files regardless of permission when ID-mapped mounts (see "ID-mapped mounts" under man 2 mount_setattr and "X-mount.idmap" under man 8 mount) are in use? Minimal test case:
dd if=/dev/zero of=/tmp/idmaptest bs=1M count=10
mkfs.ext4 /tmp/idmaptest
mount /tmp/idmaptest /mnt -o X-mount.idmap=1000:0:1
ls -l /mnt/lost+found
After doing all of the above as root, the final command will fail with a permission denied error. (By the way, this isn't specific to lost+found. Any other directory that's not world-readable will exhibit the same behavior.)

This surprises me, because I definitely have CAP_DAC_READ_SEARCH and CAP_DAC_OVERRIDE in the initial user namespace, and man 7 user_namespaces says "If a process has a capability in a user namespace, then it has that capability in all child (and further removed descendant) namespaces as well.", so I expect to have them everywhere.

Even weirder, if I try to do chmod 755 /mnt/lost+found, it fails with EOVERFLOW (Value too large for defined data type), which man 2 chmod doesn't even mention as a possible error from that syscall.

Is what I'm seeing intentional behavior, or a bug? If it's intentional, why? And either way, is there any workaround other than unmounting and remounting it without ID mapping enabled?
Asked by Joseph Sible-Reinstate Monica (4220 rep)
May 16, 2024, 09:31 PM
Last activity: May 16, 2024, 09:56 PM