diff --git a/cmd/ztest/ztest.c b/cmd/ztest/ztest.c index adbf60c60..8cc6a6ff9 100644 --- a/cmd/ztest/ztest.c +++ b/cmd/ztest/ztest.c @@ -2763,6 +2763,13 @@ ztest_mmp_enable_disable(ztest_ds_t *zd, uint64_t id) if (zo->zo_mmp_test) return; + /* + * Since enabling MMP involves setting a property, it could not be done + * while the pool is suspended. + */ + if (spa_suspended(spa)) + return; + spa_config_enter(spa, SCL_CONFIG, FTAG, RW_READER); mutex_enter(&spa->spa_props_lock); diff --git a/man/man8/zpool.8 b/man/man8/zpool.8 index 52604c139..42aef91f9 100644 --- a/man/man8/zpool.8 +++ b/man/man8/zpool.8 @@ -1013,6 +1013,9 @@ Clears device errors in a pool. If no arguments are specified, all device errors within the pool are cleared. If one or more devices is specified, only those errors associated with the specified device or devices are cleared. +If multihost is enabled, and the pool has been suspended, this will not +resume I/O. While the pool was suspended, it may have been imported on +another host, and resuming I/O could result in pool damage. .It Xo .Nm .Cm create diff --git a/module/zfs/zfs_ioctl.c b/module/zfs/zfs_ioctl.c index f4aea57d4..ab40ae185 100644 --- a/module/zfs/zfs_ioctl.c +++ b/module/zfs/zfs_ioctl.c @@ -5251,6 +5251,13 @@ zfs_ioc_clear(zfs_cmd_t *zc) if (error != 0) return (error); + /* + * If multihost is enabled, resuming I/O is unsafe as another + * host may have imported the pool. + */ + if (spa_multihost(spa) && spa_suspended(spa)) + return (SET_ERROR(EINVAL)); + spa_vdev_state_enter(spa, SCL_NONE); if (zc->zc_guid == 0) {
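Review bot: The `spa_suspended(spa)` test added ahead of `spa_config_enter()` in ztest_mmp_enable_disable runs with no lock held, so it is only a point-in-time snapshot. If the pool can suspend between this test and the property update further down (outside the hunk), the later steps would presumably still run against a suspended pool. If that window is acceptable for ztest, the comment should say the check is best-effort, and its tense should be fixed, e.g. `Enabling MMP sets a pool property, which cannot be done while the pool is suspended. Best-effort check: the pool may still suspend after this point.` The function body starts and ends outside the hunk.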
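Review bot: The new early return in zfs_ioc_clear, `return (SET_ERROR(EINVAL));`, comes after the `if (error != 0) return (error);` check, so `spa` has already been obtained successfully when it runs. The call that obtains it is outside the hunk. If it is an `spa_open()`-style hold tagged with FTAG, this path exits without the matching release, and each refused clear on a suspended multihost pool would leave a stray reference on the pool. In that case the guard should release first: `if (spa_multihost(spa) && spa_suspended(spa)) { spa_close(spa, FTAG); return (SET_ERROR(EINVAL)); }`. Separately, EINVAL does not let the caller tell this safety refusal from a malformed request, so a more specific errno or a message on the zpool side would tell the operator why the clear was rejected.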