One thing that does stand out is that the malta memory map
has the full 2G of RAM starting at 0x80000000, but also
has a 256M window (alias) into that RAM starting at 0.
I think that if the kernel is linked such that it loads
at the 0 alias address rather than the 0x80000000 full-ram
address then when QEMU puts the initrd immediately
after the kernel it will run off the end of the alias window.
You could test this theory by putting some printfs in the
load_kernel() function in hw/mips/mips_malta.c to see what
addresses the kernel and initrd are being put at.
If the initrd is being put properly into the high part
of RAM then the problem may be in the kerneli if it
tries to refer to it via the limited-size alias window.