Missing Alert - http.request body (alone) and http.request_body/url_decode in a single rule

I update with Suricata 6.0.1 and I run Suricata using a rule file containing the following 3 rules.

rule 1: alert http any any -> any any (msg:“detect XSS)”; flow:established,to_server; http.request_body; url_decode; content:"("; nocase; fast_pattern; sid:1001;)
rule 2: alert http any any -> any any (msg:“detect XSS)”; flow:established,to_server; http.request_body; pcre:"/\b(fromcharcode|alert|eval)\s*(/Pi"; sid:1002;)
rule 3: alert http any any -> any any (msg:“detect XSS)”; flow:established,to_server; http.request_body; url_decode; content:"("; nocase; fast_pattern; http.request_body; pcre:"/\b(fromcharcode|alert|eval)\s*(/Pi";sid:1003;)

And I get 1 alert in total.

But when I load the signatures separately in three tests I get 2 alerts for rule 1 and rule 2.

The test pcap file is attached here.test.pcap (1015 Bytes)

I think this could be fixed by https://github.com/OISF/suricata/pull/5658, are you able to test that?

Yes, I test it with the newly fix. It shows the same result. They are probably not the same reason why alert is missing.