It's not a bug.
When I access my test installation and visit
http://test-installation-URL/wp-includes/admin-bar.php I get this in my error log.
2014/06/07 08:41:53 [error] 1963#0: *35 FastCGI sent in stderr: "PHP message: PHP Fatal error: Call to undefined function add_action() in /usr/share/nginx/www/wp-includes/admin-bar.php on line 48" while reading response header from upstream, client: 10.1.1.26, server: test-host-here, request: "GET /wp-includes/admin-bar.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "test-host-here"
On my test install I'm running nginx but the error is the same for apache2.
Here's why: that
admin-bar.php is not supposed to be called directly. It lacks the included files that will permit the other needed functions to work by itself.
When it references a function called
add_action() PHP does not know what that is or where that function lives. It was never meant to be called directly like that.
What calls it is
/wp-settings.php in line 154.
require( ABSPATH . WPINC . '/admin-bar.php' );
Which is at the end of a very long list of
Scroll up after that link.
This line explains it with
// Load most of WordPress.
If the rest of those includes (or at least one of them) is not loaded then you get that error. That's not a bug, that's what is supposed to happen when you call that file directly.
When I use the dashboard correctly that error does not appear. When I call that file directly then yes, that's what happens.
Again, my guess is that someone or something is probing installations looking for compromised versions of that file.