I believe the recent hostapd may have introduced a bug or has some race in it. I get these random disassociations for clients that are active and just authenticated. What's worse is the client doesn't try to associate again until I toggle its wifi off/on. The log looks a bit strange to me:
...
Mon Mar 15 19:18:08 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: authorizing port
Mon Mar 15 19:18:08 2021 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session ***
Mon Mar 15 19:18:08 2021 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: pairwise key handshake completed (RSN)
^^^ normal, the client keeps on going for many hours
-- this is the next entry in the log for this client:
Tue Mar 16 09:17:38 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authentication OK (open system)
Tue Mar 16 09:17:38 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: event 0 notification
Tue Mar 16 09:17:38 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-AUTHENTICATE.indication(xx:xx:xx:xx:xx:xx, OPEN_SYSTEM)
Tue Mar 16 09:17:38 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-DELETEKEYS.request(xx:xx:xx:xx:xx:xx)
Tue Mar 16 09:17:38 2021 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Tue Mar 16 09:17:38 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: association OK (aid 2)
Tue Mar 16 09:17:38 2021 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 2)
Tue Mar 16 09:17:38 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-REASSOCIATE.indication(xx:xx:xx:xx:xx:xx)
Tue Mar 16 09:17:38 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-DELETEKEYS.request(xx:xx:xx:xx:xx:xx)
Tue Mar 16 09:17:38 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: binding station to interface 'wlan0'
Tue Mar 16 09:17:38 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: event 1 notification
Tue Mar 16 09:17:38 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
Tue Mar 16 09:17:38 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key frame (2/4 Pairwise)
Tue Mar 16 09:17:38 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: sending 3/4 msg of 4-Way Handshake
Tue Mar 16 09:17:38 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key frame (4/4 Pairwise)
Tue Mar 16 09:17:38 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: authorizing port
Tue Mar 16 09:17:38 2021 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session ***
Tue Mar 16 09:17:38 2021 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: pairwise key handshake completed (RSN)
-- 2 seconds later, event 2 and disassociated for inactivity. Why?
Tue Mar 16 09:17:40 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: event 2 notification
Tue Mar 16 09:17:40 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: unauthorizing port
Tue Mar 16 09:17:40 2021 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
Tue Mar 16 09:17:40 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-DISASSOCIATE.indication(xx:xx:xx:xx:xx:xx, 8)
Tue Mar 16 09:17:40 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-DELETEKEYS.request(xx:xx:xx:xx:xx:xx)
Tue Mar 16 09:17:41 2021 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Tue Mar 16 09:17:41 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-DEAUTHENTICATE.indication(xx:xx:xx:xx:xx:xx, 2)
Tue Mar 16 09:17:41 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-DELETEKEYS.request(xx:xx:xx:xx:xx:xx)
I set option disassoc_low_ack '0' and I no longer see IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE) but the client still disconnects 2 seconds after it connects:
Sun Mar 21 10:39:02 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: authorizing port
Sun Mar 21 10:39:02 2021 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session ...
Sun Mar 21 10:39:02 2021 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: pairwise key handshake completed (RSN)
--- 2 seconds later ---
Sun Mar 21 10:39:04 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: event 2 notification
Sun Mar 21 10:39:04 2021 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: unauthorizing port
Sun Mar 21 10:39:04 2021 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
What's interesting is that there's only 1 client out of about 15 that gets this WPA: event 2 notification and quick disconnect behavior. It is frustrating because it's my main laptop, a 2018 MacBook Pro.
Here's a redacted version of the 5GHz setup (/tmp/run/hostapd-phy0.conf). This is the one I really care about, the 2.4GHz is for some IoT devices and don't mind if they get disconnected occasionally as long as they get back on.
I use 3 SSIDs, each on its own VLAN, hence the multiple entries. My R7800 runs in plain AP mode, it doesn't do anything else, there's another wired router that does everything else.
I do not find this event 2. If it is defined in https://w1.fi/wpa_supplicant/devel/driver_8h_source.html, then it could be EVENT_MICHAEL_MIC_FAILURE, but this is just guessing, and I do not detect any error message parts that fit to your log. Unfortunately I do not know the correct source files.
What you could do is to increase your hostapd log level to verbose_debug as described in https://serverfault.com/questions/685199/monitor-wifi-association-attempts
and provide the section between authentication and disconnection that belongs to this STA.
If event 2 = EVENT_MICHAEL_MIC_FAILURE, then it's kinda strange, as I read it that applies to TKIP, but I'm using psk2+ccmp. Though I do have 802.11r Fast Transition enabled with local PSK, maybe there is a bug somewhere and things get confused. This event 2 error shows up for a Mac client and from what I can gather, macOS doesn't support 802.11r and this client is in the same spot, it should not even try to roam.
Not exactly sure what this means though and how it may confuse things:
macOS supports static PMKID (Pairwise Master Key identifier) caching to help optimize roaming between BSSIDs in the same ESSID. macOS doesn't support Fast BSS Transition, also known as 802.11r.