diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index e7226c5f99..0edb1bda9d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -6910,6 +6910,7 @@ virSecurityDeviceLabelDefParseXML(virSecurityDeviceLabelDef ***seclabels_rtn,
     for (i = 0; i < n; i++) {
         g_autofree char *model = NULL;
         g_autofree char *label = NULL;
+        int relabelSpecified;
         virTristateBool t;
 
         /* get model associated to this override */
@@ -6926,7 +6927,9 @@ virSecurityDeviceLabelDefParseXML(virSecurityDeviceLabelDef ***seclabels_rtn,
             seclabels[i]->model = g_steal_pointer(&model);
         }
 
-        if (virXMLPropTristateBool(list[i], "relabel", VIR_XML_PROP_NONE, &t) < 0)
+        relabelSpecified = virXMLPropTristateBool(list[i], "relabel",
+                                                  VIR_XML_PROP_NONE, &t);
+        if (relabelSpecified < 0)
             goto error;
 
         seclabels[i]->relabel = true;
@@ -6953,6 +6956,15 @@ virSecurityDeviceLabelDefParseXML(virSecurityDeviceLabelDef ***seclabels_rtn,
                            NULLSTR(seclabels[i]->model));
             goto error;
         }
+
+        if (relabelSpecified > 0 &&
+            flags & VIR_DOMAIN_DEF_PARSE_INACTIVE &&
+            seclabels[i]->relabel && !seclabels[i]->label) {
+            virReportError(VIR_ERR_XML_ERROR,
+                           _("Cannot specify relabel if label is missing. model=%1$s"),
+                           NULLSTR(seclabels[i]->model));
+            goto error;
+        }
     }
 
     *nseclabels_rtn = nseclabels;
diff --git a/tests/qemuxml2argvdata/seclabel-device-relabel-invalid.err b/tests/qemuxml2argvdata/seclabel-device-relabel-invalid.err
new file mode 100644
index 0000000000..0bcdac9772
--- /dev/null
+++ b/tests/qemuxml2argvdata/seclabel-device-relabel-invalid.err
@@ -0,0 +1 @@
+XML error: Cannot specify relabel if label is missing. model=selinux
diff --git a/tests/qemuxml2argvdata/seclabel-device-relabel-invalid.xml b/tests/qemuxml2argvdata/seclabel-device-relabel-invalid.xml
new file mode 100644
index 0000000000..f5e2c418b6
--- /dev/null
+++ b/tests/qemuxml2argvdata/seclabel-device-relabel-invalid.xml
@@ -0,0 +1,35 @@
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>219100</memory>
+  <currentMemory unit='KiB'>219100</currentMemory>
+  <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-i386</emulator>
+    <disk type='block' device='disk'>
+      <source dev='/dev/HostVG/QEMUGuest1'>
+        <seclabel model='dac' relabel='no'/>
+        <seclabel model='selinux' relabel='yes'/>
+      </source>
+      <target dev='hda' bus='ide'/>
+      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+    </disk>
+    <controller type='usb' index='0'/>
+    <controller type='ide' index='0'/>
+    <controller type='pci' index='0' model='pci-root'/>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <memballoon model='virtio'/>
+  </devices>
+  <seclabel type='static' model='selinux' relabel='no'>
+    <label>system_u:system_r:svirt_custom_t:s0:c192,c392</label>
+  </seclabel>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 2cc9bd074a..d914d8cbea 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1913,6 +1913,7 @@ mymain(void)
     DO_TEST_NOCAPS("seclabel-dac-none");
     DO_TEST_PARSE_ERROR_NOCAPS("seclabel-multiple");
     DO_TEST_PARSE_ERROR_NOCAPS("seclabel-device-duplicates");
+    DO_TEST_PARSE_ERROR_NOCAPS("seclabel-device-relabel-invalid");
 
     DO_TEST_CAPS_LATEST_PPC64("pseries-basic");
     DO_TEST_CAPS_LATEST_PPC64("pseries-vio");