Facebook knows his phone. He can change his password by getting SMS on his phone on file.
However, after login, facebook will ask him to verify with SMS.
The problem is, facebook does not have country code on this second phone.
It's as if the guy have 2 phone numbers on file at facebook. First is with country code. Another is without country code.
When changing password, facebook uses the correct phone, with country code.
When verifying facebook uses the phone number that's without the country code.
Here is the screenshot
Of course the guy never got SMS from facebook to that phone. There is no country code there.
However, if he clicks forget password one of the option is to verify by SMS. This time, facebook will send SMS and he will receive it. So facebook knows his number. The bug means facebook uses a different phone for verification.