diff --git a/build/config/modules-arm64.list b/build/config/modules-arm64.list
index 92ae51f..424ad9a 100644
--- a/build/config/modules-arm64.list
+++ b/build/config/modules-arm64.list
@@ -60,10 +60,12 @@ nft_fib_ipv6
 # Loading these at boot (stage 30) is mandatory because stage 85 sets
 # kernel.modules_disabled=1, which would otherwise block kube-proxy from
 # auto-loading them on first rule install.
-nft_numgen     # numgen random/inc mod N vmap — Service endpoint LB
-nft_hash       # hash — consistent-hash LB for sessionAffinity=ClientIP
-nft_limit      # rate-limit expression
-nft_log        # log expression
+# (Note: list parser only honours full-line "#"-prefixed comments, NOT
+# inline "module # comment". Keep module names on their own line.)
+nft_numgen
+nft_hash
+nft_limit
+nft_log
 
 # Reject targets (used by kube-proxy iptables-restore rules)
 nf_reject_ipv4
diff --git a/build/config/modules.list b/build/config/modules.list
index 983728b..405e259 100644
--- a/build/config/modules.list
+++ b/build/config/modules.list
@@ -56,10 +56,11 @@ nft_fib_ipv6
 
 # nft expressions used by the Kubernetes 1.34+ nftables kube-proxy backend.
 # Must be loaded at stage 30 because stage 85 sets modules_disabled=1.
-nft_numgen     # numgen random/inc mod N vmap — Service endpoint LB
-nft_hash       # hash — consistent-hash LB for sessionAffinity=ClientIP
-nft_limit      # rate-limit expression
-nft_log        # log expression
+# (Parser ignores full-line "#" comments only — keep module names alone.)
+nft_numgen
+nft_hash
+nft_limit
+nft_log
 
 # Reject targets (used by kube-proxy iptables-restore rules)
 nf_reject_ipv4
diff --git a/build/scripts/inject-kubesolo.sh b/build/scripts/inject-kubesolo.sh
index 19d8fda..6ad3dd9 100755
--- a/build/scripts/inject-kubesolo.sh
+++ b/build/scripts/inject-kubesolo.sh
@@ -224,9 +224,14 @@ if [ -f "$CUSTOM_VMLINUZ" ] && [ -d "$CUSTOM_MODULES/lib/modules/$KVER" ]; then
     fi
 
     while IFS= read -r mod; do
-        # Skip comments and blank lines
-        case "$mod" in \#*|"") continue ;; esac
-        mod=$(echo "$mod" | xargs)  # trim whitespace
+        # Strip any inline "# comment" tail before further processing —
+        # several entries in the upstream lists started carrying inline
+        # docs and silently broke module loading because modprobe got
+        # passed "name # comment" as the module name.
+        mod="${mod%%#*}"
+        # Skip blank-or-comment-only lines
+        case "$mod" in "") continue ;; esac
+        mod=$(echo "$mod" | xargs)  # trim whitespace + collapse internal
         [ -z "$mod" ] && continue
 
         if [ "$MODPROBE_WORKS" = true ]; then