Thanks for the answer.
Well, the actual problem is that one of my STA has only the capability of handling HT SHORT-GI-20, and from the debug log file from hostapd, the negotiation result is set the HT Cap. to 0x2C (see the log below), which indicate the short-gi-20 supported by hostapd. But unfortunately the driver doesn't support the short-gi-20. So the result is that the STA is not able to successfully complete the 4-way handshake with the AP.
So I think either the driver shall support short-gi-20 or the hostapd shall negotiate with the STA not to use SHORT-GI-20 if the driver doesn't support it. Might be bug in hostapd if the driver really can't support SGI-20.
Here I attached some log from hostapd:
==================================
......
authentication: STA=20:59:a0:3c:42:c4 auth_alg=0 auth_transaction=1 status_code=0 wep=0
New STA
wlan0: STA 20:59:a0:3c:42:c4 IEEE 802.11: authentication OK (open system)
wlan0: STA 20:59:a0:3c:42:c4 MLME: MLME-AUTHENTICATE.indication(20:59:a0:3c:42:c4, OPEN_SYSTEM)
wlan0: STA 20:59:a0:3c:42:c4 MLME: MLME-DELETEKEYS.request(20:59:a0:3c:42:c4)
authentication reply: STA=20:59:a0:3c:42:c4 auth_alg=0 auth_transaction=2 resp=0 (IE len=0)
wlan0: Event TX_STATUS (18) received
wlan0: Event TX_STATUS (18) received
mgmt::auth cb
wlan0: STA 20:59:a0:3c:42:c4 IEEE 802.11: authenticated
wlan0: Event RX_MGMT (20) received
mgmt::assoc_req
association request: STA=20:59:a0:3c:42:c4 capab_info=0x411 listen_interval=3
Validating WMM IE: OUI 00:50:f2 OUI type 2 OUI sub-type 0 version 1 QoS info 0x0
new AID 1
nl80211: Set beacon (beacon_set=1)
HT: STA 20:59:a0:3c:42:c4 HT Capabilities Info: 0x002c
update_sta_ht STA 20:59:a0:3c:42:c4 - no greenfield, num of non-gf stations 1
update_sta_ht STA 20:59:a0:3c:42:c4 - 20 MHz HT, num of 20MHz HT STAs 1
hostapd_ht_operation_update current operation mode=0x0
hostapd_ht_operation_update new operation mode=0x6 changes=2
nl80211: Set beacon (beacon_set=1)
wlan0: STA 20:59:a0:3c:42:c4 IEEE 802.11: association OK (aid 1)
wlan0: Event TX_STATUS (18) received
mgmt::assoc_resp cb
wlan0: STA 20:59:a0:3c:42:c4 IEEE 802.11: associated (aid 1)
wlan0: STA 20:59:a0:3c:42:c4 MLME: MLME-ASSOCIATE.indication(20:59:a0:3c:42:c4)
wlan0: STA 20:59:a0:3c:42:c4 MLME: MLME-DELETEKEYS.request(20:59:a0:3c:42:c4)
wpa_driver_nl80211_set_key: ifindex=9 alg=0 addr=0x715fa0 key_idx=0 set_tx=1 seq_len=0 key_len=0
addr=20:59:a0:3c:42:c4
wlan0: STA 20:59:a0:3c:42:c4 WPA: event 1 notification
wpa_driver_nl80211_set_key: ifindex=9 alg=0 addr=0x715fa0 key_idx=0 set_tx=1 seq_len=0 key_len=0
addr=20:59:a0:3c:42:c4
IEEE 802.1X: Ignore STA - 802.1X not enabled or forced for WPS
wlan0: STA 20:59:a0:3c:42:c4 WPA: start authentication
WPA: 20:59:a0:3c:42:c4 WPA_PTK entering state INITIALIZE
wpa_driver_nl80211_set_key: ifindex=9 alg=0 addr=0x715fa0 key_idx=0 set_tx=1 seq_len=0 key_len=0
addr=20:59:a0:3c:42:c4
wlan0: STA 20:59:a0:3c:42:c4 IEEE 802.1X: unauthorizing port
WPA: 20:59:a0:3c:42:c4 WPA_PTK_GROUP entering state IDLE
WPA: 20:59:a0:3c:42:c4 WPA_PTK entering state AUTHENTICATION
WPA: 20:59:a0:3c:42:c4 WPA_PTK entering state AUTHENTICATION2
WPA: Re-initialize GMK/Counter on first station
GMK - hexdump(len=32): [REMOVED]
Key Counter - hexdump(len=32): [REMOVED]
GTK - hexdump(len=16): [REMOVED]
wpa_driver_nl80211_set_key: ifindex=9 alg=3 addr=0x455a24 key_idx=1 set_tx=1 seq_len=0 key_len=16
broadcast key
WPA: Assign ANonce - hexdump(len=32): 9f 59 3e ea 67 63 0e 40 8a 41 9d f4 e4 4a 3a 5f 02 00 bd e4 93 b6 bc f4 4f 1c f3 f3 d7 bd 29 ae
WPA: 20:59:a0:3c:42:c4 WPA_PTK entering state INITPSK
WPA: 20:59:a0:3c:42:c4 WPA_PTK entering state PTKSTART
wlan0: STA 20:59:a0:3c:42:c4 WPA: sending 1/4 msg of 4-Way Handshake
WPA: Send EAPOL(version=2 secure=0 mic=0 ack=1 install=0 pairwise=8 kde_len=0 keyidx=0 encr=0)
WPA: Use EAPOL-Key timeout of 100 ms (retry counter 1)
nl80211: Event message available
nl80211: New station 20:59:a0:3c:42:c4
wlan0: Event TX_STATUS (18) received
wlan0: STA 20:59:a0:3c:42:c4 WPA: EAPOL-Key timeout
WPA: 20:59:a0:3c:42:c4 WPA_PTK entering state PTKSTART
wlan0: STA 20:59:a0:3c:42:c4 WPA: sending 1/4 msg of 4-Way Handshake
WPA: Send EAPOL(version=2 secure=0 mic=0 ack=1 install=0 pairwise=8 kde_len=0 keyidx=0 encr=0)
WPA: Use EAPOL-Key timeout of 1000 ms (retry counter 2)
......
=================================
Also the"iw list" for the driver info:
root@OpenWrt:~# iw list
Wiphy phy0
Band 1:
Capabilities: 0x11ce
HT20/HT40
SM Power Save disabled
RX HT40 SGI
TX STBC
RX STBC 1-stream
Max AMSDU length: 3839 bytes
DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 8 usec (0x06)
HT TX/RX MCS rate indexes supported: 0-7
Frequencies:
* 2412 MHz [1] (20.0 dBm)
* 2417 MHz [2] (20.0 dBm)
* 2422 MHz [3] (20.0 dBm)
* 2427 MHz [4] (20.0 dBm)
* 2432 MHz [5] (20.0 dBm)
* 2437 MHz [6] (20.0 dBm)
* 2442 MHz [7] (20.0 dBm)
* 2447 MHz [8] (20.0 dBm)
* 2452 MHz [9] (20.0 dBm)
* 2457 MHz [10] (20.0 dBm)
* 2462 MHz [11] (20.0 dBm)
* 2467 MHz [12] (disabled)
* 2472 MHz [13] (disabled)
* 2484 MHz [14] (disabled)
Bitrates (non-HT):
* 1.0 Mbps
* 2.0 Mbps (short preamble supported)
* 5.5 Mbps (short preamble supported)
* 11.0 Mbps (short preamble supported)
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
max # scan SSIDs: 4
max scan IEs length: 2257 bytes
Coverage class: 1 (up to 450m)
Supported Ciphers:
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* CCMP (00-0f-ac:4)
* CMAC (00-0f-ac:6)
Available Antennas: TX 0x1 RX 0x1
Configured Antennas: TX 0x1 RX 0x1
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* WDS
* monitor
* mesh point
* P2P-client
* P2P-GO
software interface modes (can always be added):
* AP/VLAN
* monitor
interface combinations are not supported
Supported commands:
* new_interface
* set_interface
* new_key
* new_beacon
* new_station
* new_mpath
* set_mesh_params
* set_bss
* authenticate
* associate
* deauthenticate
* disassociate
* join_ibss
* join_mesh
* remain_on_channel
* set_tx_bitrate_mask
* action
* frame_wait_cancel
* set_wiphy_netns
* set_channel
* set_wds_peer
* Unknown command (82)
* Unknown command (81)
* Unknown command (84)
* Unknown command (87)
* Unknown command (85)
* connect
* disconnect
Supported TX frame types:
* IBSS: 0x0000 0x0010 0x0020 0x0030 0x0040 0x0050 0x0060 0x0070 0x0080 0x0090 0x00a0 0x00b0 0x00c0 0x00d0 0x00e0 0x00f0
* managed: 0x0000 0x0010 0x0020 0x0030 0x0040 0x0050 0x0060 0x0070 0x0080 0x0090 0x00a0 0x00b0 0x00c0 0x00d0 0x00e0 0x00f0
* AP: 0x0000 0x0010 0x0020 0x0030 0x0040 0x0050 0x0060 0x0070 0x0080 0x0090 0x00a0 0x00b0 0x00c0 0x00d0 0x00e0 0x00f0
* AP/VLAN: 0x0000 0x0010 0x0020 0x0030 0x0040 0x0050 0x0060 0x0070 0x0080 0x0090 0x00a0 0x00b0 0x00c0 0x00d0 0x00e0 0x00f0
* mesh point: 0x0000 0x0010 0x0020 0x0030 0x0040 0x0050 0x0060 0x0070 0x0080 0x0090 0x00a0 0x00b0 0x00c0 0x00d0 0x00e0 0x00f0
* P2P-client: 0x0000 0x0010 0x0020 0x0030 0x0040 0x0050 0x0060 0x0070 0x0080 0x0090 0x00a0 0x00b0 0x00c0 0x00d0 0x00e0 0x00f0
* P2P-GO: 0x0000 0x0010 0x0020 0x0030 0x0040 0x0050 0x0060 0x0070 0x0080 0x0090 0x00a0 0x00b0 0x00c0 0x00d0 0x00e0 0x00f0
Supported RX frame types:
* IBSS: 0x00d0
* managed: 0x0040 0x00d0
* AP: 0x0000 0x0020 0x0040 0x00a0 0x00b0 0x00c0 0x00d0
* AP/VLAN: 0x0000 0x0020 0x0040 0x00a0 0x00b0 0x00c0 0x00d0
* mesh point: 0x00b0 0x00c0 0x00d0
* P2P-client: 0x0040 0x00d0
* P2P-GO: 0x0000 0x0020 0x0040 0x00a0 0x00b0 0x00c0 0x00d0
Device supports RSN-IBSS.
HT Capability overrides:
* MCS: ff ff ff ff ff ff ff ff ff ff
* maximum A-MSDU length
* supported channel width
* short GI for 40 MHz
* max A-MPDU length exponent
* min MPDU start spacing
Device supports HT-IBSS.
root@OpenWrt:~#