[SDK 16] WDT bug in nrf_bootloader can fail all DFU attempts

There is a bug in nrf_bootloader_wdt_init() in nrf_bootloader_wdt.c that can cause all DFUs to fail for long WDT reload values.  I found this bug because I'm using a really long (3 hour) WDT as a safety net for battery-operated devices that will spend 10+ years unmanned in the field.

The WDT is a 32-bit timer with 32-bit reload value (CRV), but the RTC is a 24-bit timer. nrf_bootloader_wdt_init() attempts to automatically pet (or "feed") the watchdog before it fires by starting a timer that is set to fire slightly before the WDT fires.  If the WDT CRV was set to a value greater than 16780566 (24-bit plus reload buffer time), then when the wdog pet timer start function call eventually gets to timer_activate(), it will assert because the timer value is too large for the 24-bit RTC.

I think the proper fix should be that nrf_bootloader_wdt_init() sets the reduced_timeout_ticks value to be a max of 0xffffff.  It's better to pet the dog early than to reset the board every time you're trying to DFU new firmware.
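The clamp proposed in the post above, sketched as an added example; it is not code from the original post or from the SDK. The function names, `FEED_MARGIN_TICKS` (inferred from the post's 16780566 threshold minus 0xffffff) and `MIN_FEED_TICKS` are assumptions for illustration, and the WDT is taken to count at 32768 Hz.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define RTC_MAX_TICKS     0x00FFFFFFu /* 24-bit RTC limit, as stated in the post */
#define FEED_MARGIN_TICKS 3351u       /* assumed: 16780566 - 0xFFFFFF, from the post's threshold */
#define MIN_FEED_TICKS    1u          /* assumed floor so tiny CRVs cannot underflow */
#define WDT_HZ            32768u      /* WDT tick rate */

/* Feed interval without the fix: CRV minus the margin, floored at the minimum. */
uint32_t feed_ticks_unclamped(uint32_t crv)
{
    if (crv <= FEED_MARGIN_TICKS + MIN_FEED_TICKS)
        return MIN_FEED_TICKS;
    return crv - FEED_MARGIN_TICKS;
}

/* Feed interval with the proposed fix: never ask the RTC for more than
 * 24 bits. Feeding early is harmless; a value the timer rejects is not. */
uint32_t feed_ticks_clamped(uint32_t crv)
{
    uint32_t ticks = feed_ticks_unclamped(crv);
    return (ticks > RTC_MAX_TICKS) ? RTC_MAX_TICKS : ticks;
}

/* Stand-in for the range check that makes the timer start call assert. */
bool rtc_can_schedule(uint32_t ticks)
{
    return ticks >= MIN_FEED_TICKS && ticks <= RTC_MAX_TICKS;
}

int main(void)
{
    /* Constructed sample CRVs: the 3 hour WDT from the post, the two values
     * either side of the post's threshold, and a very short WDT. */
    const uint32_t crvs[] = { 3u * 3600u * WDT_HZ, 16780566u, 16780567u, 100u };

    for (unsigned i = 0; i < sizeof crvs / sizeof crvs[0]; i++) {
        uint32_t raw = feed_ticks_unclamped(crvs[i]);
        uint32_t fix = feed_ticks_clamped(crvs[i]);
        printf("CRV=%lu raw=%lu (%s) clamped=%lu (%s)\n",
               (unsigned long)crvs[i],
               (unsigned long)raw, rtc_can_schedule(raw) ? "ok" : "rejected",
               (unsigned long)fix, rtc_can_schedule(fix) ? "ok" : "rejected");
    }
    return 0;
}
```
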