Could HMAC output be the same for different key and message pairs

Could the output of the HMAC be the same if I used different keys and messages?

Example:

Out1 = HMAC(key1, msg1)
Out2 = HMAC(key2, msg2)

Could Out1=Out2 under any condition?

Solution

In short, you can't find such pairs better than negligible probability when the search is computationally bounded.

HMAC is a Pseudo-Random Function (PRF) under the assumption that the used hash function is PRF.

What you are looking for a collision for the HMAC. In theory, it is possible to find such pairs that they will collide.

If you use a n bit output then the collision probability of two pairs is 1/2^n for the fixed key. If HMAC is initiated with SHA256 then the collision of two random pairs will be 1/2^256. By the birthday paradox, you will need around 2^128 pairs to find a collision with 50% under the same key.

A similar calculation can be performed with random keys, too.

Password hashing, salt and storage of hashed values
Salt and hashing, why not use username?
Does has_secure_password use any form of salting?
Salt Generation and open source software
Do I need to store the salt with bcrypt?
Ethereum: how to generate a valid address from the public key?
I want to change the values of P and G for diffiehellman in openssl
Point addition using Elliptic Curve calculations on Java Card
How to encrypt decrypt with Node.js crypto module?
AES 256 Encryption/Decryption without IV
Python 3 Fernet Decryption Succeeds with Slightly Modified Encryption Key
Validate ECDsa with SHA256 Signature in .NET
Full text search on encrypted data
Convert Ed25519 public key to x25519 public key in Java
Transforming a password to a 256-bit key
Decrypting a p7m file using CNG
Why Am I Getting Different Cipher Outputs Between Node.js and PHP When Reading Large Files by Chunks?
is SHA-512 collision resistant?
ROT2 cipher resulting in different than expected characters when deciphered with Python
Given a plain text and a possible cipher text, determine whether the cipher text can be formed from the plain text using the mentioned scheme
how to convert output of a cipher text to numeric digits?
Replicating hkdf2 key derivation in C
Problem with installing Charm-Crypto for Python3
How do one-way hash functions work? (Edited)
Bókun signature generation; what am I missing?
Why do people use bouncycastle instead of Java's built in JCE provider? What is the difference?
How to get cipher text as result of encryption using aes cbc 128 bit with open ssl in c language
Implementing encryption/decryption in Typescript using Web Crypto API
c# Digital signature generation and verification
Why is my key size generated from rsaKeygen() always 19?