How does password reset work if 2FA is enabled?

Technically, this is a question about how you should implement 2FA (or how you should expect it to be implemented), since there's nothing inherent in 2FA that answers your questions in either direction. With that said, there are certainly best practices.

2FA (or multi-factor authentication in general) should apply whenever the user is being asked to prove their identity in any way (that is, to authenticate). So you should prompt for MFA when the user is doing anything where you would normally request a password (such as changing their current password or email address, or changing MFA settings). You should also prompt for MFA any time the user is doing anything that takes the place of a password, such as clicking a link in a password reset email.

For your three scenarios, #1 is unlikely just because requesting a password reset email usually doesn't require any authentication at all, so it'd be an odd place to put a MFA demand. However, using the email in any way - that is, actually resetting the password - should require MFA. So #2 is technically incorrect - an attacker can't reset the password - but it's true that they can't log in either. The correct answer is sort of "#1.5".

However, again, "which one actually happens" will depend 100% entirely on how that particular service implemented MFA, and there's no guarantee they've done it correctly. I've seen sites that do it like #3.