CC2652R1: IBUSERR when jumping from bootloader to application

I am trying to jump from my bootloader to an application. I have two test application for this. One is a very simple while loop where a single variable keeps incrementing until it reaches 1000 and then gets reset to 0. Jumping to this application works, but when I use the pwmled2 example provided by the simplelink cc13x2 25x2 3.4 example I end up in the faultISR. I can see the PC being loaded with what should be the correct address, it then jumps to this address and when I go one step further using the debugger I end up in faultISR. I can not see what is happening at that address using the disassembly tool of Code Composer Studio because it just says Memory map prevented reading 0x001F1F1E.

I put the code I used on github in case someone want to give it a try: https://github.com/VincentKen/bootloader-cc2652. I upload the application over UART using a python script and the Intel Hex format.

This is the code I use to jump to the application:

void startApp(uint32_t sp) {
    asm(" LDR SP, [R0, #0x0]");
    asm(" LDR PC, [R0, #4]");
}

This is the test project that does work:

void main(void)
{
    unsigned int test = 0;
    while (1) {
        test++;
        if (test % 1000 == 0) {
            test = 0;
        }
    }

}

This is the linker file of the bootloader:

--stack_size=1024   /* C stack is also used for ISR stack */

--heap_size=256

/* Retain interrupt vector table variable                                    */
--retain=g_pfnVectors
/* Override default entry point.                                             */
--entry_point ResetISR
/* Allow main() to take args                                                 */
--args 0x8
/* Suppress warnings and errors:                                             */
/* - 10063: Warning about entry point not being _c_int00                     */
/* - 16011, 16012: 8-byte alignment errors. Observed when linking in object  */
/*   files compiled using Keil (ARM compiler)                                */
--diag_suppress=10063,16011,16012

#define FLASH_BASE 				0x0
#define FLASH_SIZE				0x58000
#define RAM_BASE                0x20000000
#define RAM_SIZE                0x14000
#define GPRAM_BASE              0x11000000
#define GPRAM_SIZE              0x2000

#define FLASH_START				FLASH_BASE

#define PAGE_SIZE				0x2000

#define BOOT_BASE				0x50000
#define BOOT_END				CERT_START - 1
#define BOOT_SIZE				((BOOT_END) - (BOOT_BASE) + 1)

#define APP_BASE				0x0
#define APP_END					BOOT_BASE
#define APP_SIZE				BOOT_BASE

#define FLASH_CCFG_START		0x00057FA8
#define FLASH_CCFG_END			(FLASH_START + FLASH_SIZE - 1)
#define FLASH_CCFG_SIZE			((FLASH_CCFG_END) - (FLASH_CCFG_START) + 1)

#define FLASH_FNPTR_START		FLASH_CCFG_START - 8
#define FLASH_FNPTR_END			FLASH_FNPTR_START + 3
#define FLASH_FNPTR_SIZE		4

#define CERT_END				FLASH_FNPTR_START - 1
#define CERT_SIZE				0x4C
#define CERT_START				CERT_END - CERT_SIZE + 1


/* System memory map */

MEMORY
{

	BOOT (RX)  : origin = BOOT_BASE, length = BOOT_SIZE

    APP (RWX) : origin = APP_BASE, length = APP_SIZE

    FLASH_CCFG (RX) : origin = FLASH_CCFG_START, length = FLASH_CCFG_SIZE
	FLASH_FNPTR (RX) : origin = FLASH_FNPTR_START, length = FLASH_FNPTR_SIZE
	FLASH_CERT (RX) : origin = CERT_START, length = CERT_SIZE

    /* Application uses internal RAM for data */
    SRAM (RWX) : origin = RAM_BASE, length = RAM_SIZE
    /* Application can use GPRAM region as RAM if cache is disabled in the CCFG
    (DEFAULT_CCFG_SIZE_AND_DIS_FLAGS.SET_CCFG_SIZE_AND_DIS_FLAGS_DIS_GPRAM = 0) */
    GPRAM (RWX): origin = GPRAM_BASE, length = GPRAM_SIZE
}



/* Create global constant that points to top of stack */
/* CCS: Change stack size under Project Properties    */
__STACK_TOP = __stack + __STACK_SIZE;


/* Section allocation in memory */

SECTIONS
{
    .intvecs        :   > BOOT_BASE
    .text           :   > BOOT
    .TI.ramfunc     : {} load=BOOT, run=SRAM, table(BINIT)
    .const          :   > BOOT
    .constdata      :   > BOOT
    .rodata         :   > BOOT
    .binit          :   > BOOT
    .cinit          :   > BOOT
    .pinit          :   > BOOT
    .init_array     :   > BOOT
    .emb_text       :   > BOOT
    .cert_element   :   > FLASH_CERT
	.fnPtr          :   > FLASH_FNPTR
	.ccfg           :   > FLASH_CCFG (HIGH)

    .vtable         :   > SRAM
    .vtable_ram     :   > SRAM
     vtable_ram     :   > SRAM
    .data           :   > SRAM
    .bss            :   > SRAM
    .sysmem         :   > SRAM
    .stack          :   > SRAM (HIGH)
    .nonretenvar    :   > SRAM

    .gpram          :   > GPRAM

}

And this is the linker file of the pwm led example:

/*
 * Copyright (c) 2017, Texas Instruments Incorporated
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * *  Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * *  Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * *  Neither the name of Texas Instruments Incorporated nor the names of
 *    its contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 *  ======== CC26X2R1_LAUNCHXL_NoRTOS.cmd ========
 */

--stack_size=1024   /* C stack is also used for ISR stack */

--heap_size=256

/* Retain interrupt vector table variable                                    */
--retain=g_pfnVectors
/* Override default entry point.                                             */
--entry_point main
/* Allow main() to take args                                                 */
--args 0x8
/* Suppress warnings and errors:                                             */
/* - 10063: Warning about entry point not being _c_int00                     */
/* - 16011, 16012: 8-byte alignment errors. Observed when linking in object  */
/*   files compiled using Keil (ARM compiler)                                */
--diag_suppress=10063,16011,16012

/* The following command line options are set as part of the CCS project.    */
/* If you are building using the command line, or for some reason want to    */
/* define them here, you can uncomment and modify these lines as needed.     */
/* If you are using CCS for building, it is probably better to make any such */
/* modifications in your CCS project and leave this file alone.              */
/*                                                                           */
/* --heap_size=0                                                             */
/* --stack_size=256                                                          */
/* --library=rtsv7M3_T_le_eabi.lib                                           */

/* The starting address of the application.  Normally the interrupt vectors  */
/* must be located at the beginning of the application.                      */
#define FLASH_BASE 				0x0
#define FLASH_SIZE				0x58000
#define RAM_BASE                0x20000000
#define RAM_SIZE                0x14000
#define GPRAM_BASE              0x11000000
#define GPRAM_SIZE              0x2000

#define FLASH_START				FLASH_BASE

#define PAGE_SIZE				0x2000

#define BOOT_BASE				0x50000
#define BOOT_END				CERT_START - 1
#define BOOT_SIZE				((BOOT_END) - (BOOT_BASE) + 1)

#define APP_BASE				0x0
#define APP_END					BOOT_BASE
#define APP_SIZE				BOOT_BASE

#define FLASH_CCFG_START		0x00057FA8
#define FLASH_CCFG_END			(FLASH_START + FLASH_SIZE - 1)
#define FLASH_CCFG_SIZE			((FLASH_CCFG_END) - (FLASH_CCFG_START) + 1)

#define FLASH_FNPTR_START		FLASH_CCFG_START - 8
#define FLASH_FNPTR_END			FLASH_FNPTR_START + 3
#define FLASH_FNPTR_SIZE		4

#define CERT_END				FLASH_FNPTR_START - 1
#define CERT_SIZE				0x4C
#define CERT_START				CERT_END - CERT_SIZE + 1

/* System memory map */

MEMORY
{
    APP (RWX) : origin = APP_BASE, length = APP_SIZE

    FLASH_CCFG (RX) : origin = FLASH_CCFG_START, length = FLASH_CCFG_SIZE

    /* Application uses internal RAM for data */
    SRAM (RWX) : origin = RAM_BASE, length = RAM_SIZE
    /* Application can use GPRAM region as RAM if cache is disabled in the CCFG
    (DEFAULT_CCFG_SIZE_AND_DIS_FLAGS.SET_CCFG_SIZE_AND_DIS_FLAGS_DIS_GPRAM = 0) */
    GPRAM (RWX): origin = GPRAM_BASE, length = GPRAM_SIZE
}

/* Section allocation in memory */

SECTIONS
{
    .intvecs        :   > APP_BASE
    .text           :   > APP
    .TI.ramfunc     : {} load=FLASH, run=SRAM, table(BINIT)
    .const          :   > APP
    .constdata      :   > APP
    .rodata         :   > APP
    .binit          :   > APP
    .cinit          :   > APP
    .pinit          :   > APP
    .init_array     :   > APP
    .emb_text       :   > APP
    .ccfg           :   > FLASH_CCFG (HIGH), TYPE=NOLOAD

    .vtable         :   > SRAM
    .vtable_ram     :   > SRAM
     vtable_ram     :   > SRAM
    .data           :   > SRAM
    .bss            :   > SRAM
    .sysmem         :   > SRAM
    .stack          :   > SRAM (HIGH)
    .nonretenvar    :   > SRAM

    .gpram          :   > GPRAM
}