This sounds like the problem we hit: if a server deletes a printer and recreates it as a class, all other servers doing browse-poll to that server crash.
Problem appears to be in process_browse_data in dirsvc.c. If an entry comes in with the class bit set, it checks to see if there is already a class of that name but doesn't check if there is a printer of that name. So it creates another entry with same name which ends up pointing to the same mime type entry as the first printer. Then when the first (printer) entry times out and is deleted the mime type entry is deleted out from under the second entry.
I fixed it in cups 1.3.4 with the following patch: