$ sudo LANG=C cryptsetup --debug open /dev/sdf lukstest
# cryptsetup 2.1.0 processing "cryptsetup --debug open /dev/sdf lukstest"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/sdf.
# Trying to open and read device /dev/sdf with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/sdf.
# Crypto backend (OpenSSL 1.1.1c  28 May 2019) initialized in cryptsetup library version 2.1.0.
# Detected kernel Linux 4.19.51-gentoo x86_64.
# Loading LUKS2 header (repair disabled).
# Opening lock resource file /run/cryptsetup/L_8:80
# Acquiring read lock for device /dev/sdf.
# Verifying read lock handle for device /dev/sdf.
# Device /dev/sdf READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/sdf
# Veryfing locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:021bc014f5fdd7f2c8b18495f7abef2379f2ea0c1c684044a16d2f47a3da2139 (on-disk)
# Checksum:021bc014f5fdd7f2c8b18495f7abef2379f2ea0c1c684044a16d2f47a3da2139 (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Opening locked device /dev/sdf
# Veryfing locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:cb74ff7a0e19e7c8704208a04790c5faf3556899f521434cafa0d0ab9e8e5f4f (on-disk)
# Checksum:cb74ff7a0e19e7c8704208a04790c5faf3556899f521434cafa0d0ab9e8e5f4f (in-memory)
# Device size 160041885696, offset 16777216.
# Device /dev/sdf READ lock released.
# PBKDF argon2i, hash sha256, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# Activating volume lukstest using token -1.
# Interactive passphrase entry requested.
Enter passphrase for /dev/sdf: 
# Activating volume lukstest [keyslot -1] using passphrase.
# dm version   [ opencount flush ]   [16384] (*1)
# dm versions   [ opencount flush ]   [16384] (*1)
# Detected dm-ioctl version 4.39.0.
# Detected dm-integrity version 1.2.0.
# Detected dm-crypt version 1.18.1.
# Device-mapper backend running with UDEV support enabled.
# dm status lukstest  [ opencount noflush ]   [16384] (*1)
# Keyslot 0 priority 1 != 2 (required), skipped.
# Trying to open LUKS2 keyslot 0.
# Reading keyslot area [0x8000].
# Userspace crypto wrapper cannot use aes-xts-plain64 (-2).
# Keyslot 0 (luks2) open failed with -2.
# Releasing crypt device /dev/sdf context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code -1 (wrong or missing parameters).