Reductions modulo Mersenne primes are extremely fast, and there are several of a suitable size for modp-based Diffie-Hellman (such as $2^{2281}-1$). Is there any reason such primes are not commonly used for this purpose? Same question also applies to pseudo-Mersenne primes, of the form $2^{n}-c$ for small $c$, which also have fast reductions.

I'm assuming the reason they are not used is that something about the special form allows fast discrete logarithm computations, but I haven't been able to find any references to such an attack.

Jack Lloyd

1 Answer


I'm assuming the reason they are not used is that something about the special form allows fast discrete logarithm computations

Yes, the Special Number Field Sieve (SNFS), which is a faster version of the General Number Field Sieve (GNFS). More specifically, the best known discrete logarithm computation with the GNFS was with a 768-bit safe prime. The best known result with SNFS is 1039-bit for factoring (which should have a comparable workload to discrete log) and 1024-bit for discrete log (using a specifically crafted prime).

As you can see, while 2048-bit or larger primes aren't feasible with the SNFS either, these primes have a structural weakness, which cryptographers like to avoid. Actually, the cost of picking larger primes to defend against SNFS would probably far outweigh the gains from the special form and the faster reduction.

Reductions modulo Mersenne primes are extremely fast

Which is why the "256-bit security" NIST elliptic curve P-521 uses $2^{521}-1$ as the underlying field-prime.

Same question also applies to pseudo-Mersenne primes, of the form $2^n−c$ for small $c$, which also have fast reductions.

Which was done with Curve25519 which uses $2^{255}-19$ as the underlying field-prime.

SEJPM
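The "fast reduction" that both the question and the answer refer to, as an added example (not code from either poster): for a pseudo-Mersenne prime $p = 2^n - c$, $2^n \equiv c \pmod p$, so the high part of a number can be folded down with a shift and a small multiply instead of a full division. The constants for P-521 ($c=1$, a true Mersenne prime) and Curve25519 ($c=19$) are taken from the answer; the function names are mine.

```python
import random

# Primes named in the answer above.
P521 = (1 << 521) - 1          # Mersenne prime used by NIST P-521
P25519 = (1 << 255) - 19       # pseudo-Mersenne prime used by Curve25519


def pseudo_mersenne_reduce(x: int, n: int, c: int) -> int:
    """Reduce a non-negative integer x modulo p = 2^n - c.

    Uses the identity 2^n == c (mod p): split x into x = hi*2^n + lo and
    replace it by lo + c*hi. Each pass strictly shrinks x while x >= 2^n
    (because c < 2^n), so the loop terminates; a final conditional
    subtraction handles the range [p, 2^n). For very wide inputs this
    loops a few times; real field implementations fix the number of folds
    and make the final subtraction constant-time (not done here).
    """
    assert x >= 0 and 0 < c < (1 << n)
    p = (1 << n) - c
    mask = (1 << n) - 1
    while x >> n:
        x = (x & mask) + c * (x >> n)
    if x >= p:
        x -= p
    return x


def field_mul(a: int, b: int, n: int, c: int) -> int:
    """Multiply two field elements and fold the 2n-bit product back."""
    return pseudo_mersenne_reduce(a * b, n, c)


def self_check(trials: int = 200, seed: int = 1) -> bool:
    """Cross-check against Python's built-in % on random and edge inputs."""
    rng = random.Random(seed)
    for n, c, p in ((521, 1, P521), (255, 19, P25519)):
        edge = [0, 1, p - 1, p, p + 1, 1 << n, (1 << n) + c, (p - 1) ** 2]
        for x in edge + [rng.getrandbits(2 * n) for _ in range(trials)]:
            if pseudo_mersenne_reduce(x, n, c) != x % p:
                return False
        a, b = rng.randrange(p), rng.randrange(p)
        if field_mul(a, b, n, c) != (a * b) % p:
            return False
    return True
```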