cr0x.net — Hard Problems. Clean Solutions.
English

ZFS Special VDEV Failure: How to Survive the Nightmare Scenario

December 31, 2025 • February 3, 2026 • Read: 24 min • Views: 18

Was this helpful?

You wake up to a page: latency is up, apps are timing out, and someone has pasted a single line into chat:
special vdev. If you know, you know.

A special vdev is the performance cheat code you can’t afford to lose. When it fails, it doesn’t just slow things down.
It can strand metadata, block directory traversal, and take your “fine” pool into a very public incident.
This is the survival guide I wish more teams had printed before they decided “one fast SSD is probably fine.”

What a special vdev really is (and why it’s different)

A special vdev is an allocation class in ZFS designed to hold metadata and (optionally) small file blocks.
It’s not a cache. It’s not a write buffer. It’s not “nice-to-have SSD tiering.”
It is actual pool storage, participating in redundancy rules—except many people configure it like a scratch disk.

Special vdev: what it stores

  • Metadata: block pointers, indirect blocks, dnodes, directory structures, spacemaps, etc.
  • Optionally small blocks: depending on special_small_blocks, small file data can be placed on special.
  • Not a cache: unlike L2ARC, data on special is authoritative and required if allocated there.

The part that bites: allocation permanence

Once a block is allocated to a special vdev, it lives there until it is rewritten elsewhere.
If you lose the only copy, ZFS can’t “reconstruct” it from slower disks. There is no magic “rebuild metadata from parity”
if the metadata never existed on the main vdevs.

Special vdev failures are brutal because metadata is the map. Losing the map means you can have the territory (your data blocks)
and still not find your way to them.

Interesting facts and historical context (because the past repeats itself)

  1. Allocation classes came later: special vdevs arrived after ZFS had already built its reputation, so many older “ZFS best practices” documents ignore them.
  2. The feature was influenced by real-world pain: large rust pools with tiny files were fast at streaming, slow at “ls -lR,” and ops demanded a fix that wasn’t “buy more RAM.”
  3. ZFS has always treated metadata as first-class: checksums, copy-on-write, and self-healing were designed to protect structure as much as content.
  4. People confuse it with SLOG: because both are “fast devices you add,” but SLOG is about sync writes; special is about persistent placement.
  5. Spacemaps matter: modern ZFS uses spacemaps to track free space; if special holds critical spacemaps and it dies, importing the pool can become impossible.
  6. Small-block offload became popular with virtualization: VM images and container layers produce tons of metadata and small random IO; special vdevs often cut latency dramatically.
  7. Failure domains got weirder: with special vdevs, your pool can be “RAIDZ2” on HDDs and “single SSD” for metadata. The pool’s true redundancy becomes “single SSD.”
  8. Endurance is a real constraint: metadata and small blocks are write-heavy; consumer SSDs have died early in special duty, especially with atime or chatty workloads.

One dry rule: if you would feel uncomfortable storing your filesystem superblock on a single device, don’t store your ZFS metadata that way either.

Nightmare scenarios: what actually happens when it breaks

Scenario A: special vdev is degraded, pool still imports, everything is slow and weird

This is the “lucky” case. A device in a mirrored special vdev is failing but not dead.
Reads may retry, latency spikes, ZFS starts throwing checksum errors, and your application begins timing out.
Most teams waste precious time blaming the network, then the hypervisor, then the database. Meanwhile, metadata reads are grinding through a dying SSD.

Scenario B: special vdev is gone, pool won’t import

If special was single-disk (or the mirror lost too many members), you can end up with an un-importable pool.
ZFS may report missing devices, or worse: it “imports” but datasets fail to mount or directory traversal returns I/O errors.
At that point you are not doing “disk replacement.” You are doing incident response with a filesystem surgeon’s kit.

Scenario C: pool suspends during IO

ZFS can suspend a pool when it detects errors severe enough that continuing would risk further corruption.
You’ll see “pool I/O is currently suspended” and services will fall over in a synchronized heap.
Treat this as a safety brake, not an annoyance.

Joke #1: A suspended pool is ZFS saying, “I can keep going, but I’d rather not be blamed later.” It’s the most responsible software in your rack.

Scenario D: you “fix” it and performance never comes back

Sometimes recovery succeeds but the pool now runs with metadata on HDDs because you removed special or it stopped being used effectively.
The system is “up,” but users complain the UI feels like it’s rendered over dial-up. You’ve survived the fire; now you’re living in the smoke.

What determines how bad it gets

  • Redundancy of the special vdev: mirror vs single; mirror width; device quality.
  • How much was allocated to special: just metadata, or metadata plus small blocks.
  • How long it ran in a degraded state: retries and corruption compound; resilver time increases.
  • Operational hygiene: scrubs, alerts, spare devices, and documented recovery steps.

Fast diagnosis playbook (first/second/third)

This is the order that tends to cut through confusion. The goal is to answer three questions quickly:
“Is the pool safe?” “Is the special vdev involved?” “What’s the fastest safe action?”

First: confirm pool health and identify special vdev state

  • Run zpool status -v and look specifically for special class vdevs and error counts.
  • Check whether the pool is SUSPENDED, DEGRADED, or FAULTED.
  • Scan dmesg/system logs for NVMe resets, timeouts, or device removals.

Second: determine blast radius (metadata-only vs small blocks too)

  • Check zfs get special_small_blocks on major datasets.
  • Look for symptoms: directory listings slow (metadata), or small file reads failing (small blocks on special).
  • Check pool feature flags and whether special is required for import (it usually is if blocks are allocated there).

Third: choose a safe action path

  • If special is mirrored and only one device failed: replace immediately, then scrub, then watch resilver.
  • If special is single and failed: stop improvising. Decide between restoring from backup, attempting device recovery, or specialized forensic import attempts.
  • If pool is suspended: stabilize hardware, export if possible, and plan a controlled import; do not keep hammering it with application retries.

The only “fast fix” is the one that doesn’t make recovery worse. Many teams lose the pool by doing frantic writes during a metadata failure.

Hands-on recovery tasks (commands, outputs, decisions)

Below are practical tasks you can run on a Linux host with OpenZFS. Commands are real. Outputs are representative.
The point isn’t the exact wording; it’s what you infer and what you do next.

Task 1: Identify the failure and confirm it’s special

cr0x@server:~$ sudo zpool status -v tank
  pool: tank
 state: DEGRADED
status: One or more devices has experienced an unrecoverable error.
action: Replace the device using 'zpool replace'.
  scan: scrub repaired 0B in 0 days 00:19:21 with 0 errors on Thu Dec 26 01:10:12 2025
config:

        NAME                        STATE     READ WRITE CKSUM
        tank                        DEGRADED     0     0     0
          raidz2-0                  ONLINE       0     0     0
            ata-HDD1                ONLINE       0     0     0
            ata-HDD2                ONLINE       0     0     0
            ata-HDD3                ONLINE       0     0     0
            ata-HDD4                ONLINE       0     0     0
            ata-HDD5                ONLINE       0     0     0
            ata-HDD6                ONLINE       0     0     0
        special
          mirror-1                  DEGRADED     7     0   118
            nvme-SAMSUNG_SSD_A      FAULTED     7     0   118  too many errors
            nvme-SAMSUNG_SSD_B      ONLINE       0     0     0

errors: No known data errors

What it means: the pool is degraded because a device inside the special class is faulted.
Reads/CKSUM errors on special are especially serious because that’s where metadata lives.

Decision: replace the faulted NVMe immediately. Don’t “wait for a maintenance window.” You are already in one.

Task 2: Check if the pool is suspended

cr0x@server:~$ sudo zpool status tank | sed -n '1,12p'
  pool: tank
 state: ONLINE
status: Some supported and requested features are not enabled on the pool.
action: The pool can be imported using its name or numeric identifier.
  scan: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        tank        ONLINE       0     0     0

What it means: no suspension here. If you saw state: SUSPENDED, that changes the play: stop IO, stabilize, and plan a controlled recovery.

Decision: continue with replacement and resilver while limiting workload, but you don’t need emergency export/import gymnastics yet.

Task 3: Correlate with kernel errors (timeouts/resets)

cr0x@server:~$ sudo dmesg -T | tail -n 12
[Thu Dec 26 02:14:03 2025] nvme nvme1: I/O 123 QID 6 timeout, completion polled
[Thu Dec 26 02:14:03 2025] nvme nvme1: Abort status: 0x371
[Thu Dec 26 02:14:04 2025] nvme nvme1: controller is down; will reset: CSTS=0x3, PCI_STATUS=0x10
[Thu Dec 26 02:14:06 2025] nvme nvme1: Removing after probe failure status: -19

What it means: the device disappeared or repeatedly reset. This is not a “ZFS bug.” This is hardware/firmware/power/PCIe path instability.

Decision: treat the device as unreliable even if it comes back after a reboot. Replace it; don’t trust it with metadata again.

Task 4: Identify by-id names (avoid the wrong disk problem)

cr0x@server:~$ ls -l /dev/disk/by-id/ | egrep 'nvme-SAMSUNG_SSD_A|nvme-SAMSUNG_SSD_B'
lrwxrwxrwx 1 root root 13 Dec 26 01:59 nvme-SAMSUNG_SSD_A -> ../../nvme1n1
lrwxrwxrwx 1 root root 13 Dec 26 01:59 nvme-SAMSUNG_SSD_B -> ../../nvme0n1

What it means: you have stable identifiers. Good. If you only use /dev/nvme1n1, you’re one reboot away from replacing the wrong thing.

Decision: do all ZFS operations using /dev/disk/by-id paths.

Task 5: Confirm dataset policy for small blocks (blast radius check)

cr0x@server:~$ sudo zfs get -r -o name,property,value special_small_blocks tank
NAME                 PROPERTY              VALUE
tank                 special_small_blocks  0
tank/vm              special_small_blocks  16K
tank/home            special_small_blocks  0
tank/containers      special_small_blocks  8K

What it means: some datasets are placing small file blocks on special (vm, containers).
A special vdev loss here is not just “metadata inconvenience.” It can take actual file contents with it.

Decision: prioritize recovery for those datasets; consider tighter redundancy and more conservative thresholds later.

Task 6: Check whether special devices are mirrored (they should be)

cr0x@server:~$ sudo zpool status tank | sed -n '/special/,$p'
        special
          mirror-1                  DEGRADED     7     0   118
            nvme-SAMSUNG_SSD_A      FAULTED     7     0   118  too many errors
            nvme-SAMSUNG_SSD_B      ONLINE       0     0     0

errors: No known data errors

What it means: mirrored special vdev. You still have a copy of metadata. You’re in “repair mode,” not “forensics mode.”

Decision: replace the failed member and resilver ASAP, while keeping the surviving SSD healthy (watch temperatures, queue depth, errors).

Task 7: Replace the failed special device

cr0x@server:~$ sudo zpool replace tank nvme-SAMSUNG_SSD_A /dev/disk/by-id/nvme-SAMSUNG_SSD_NEW
cannot open 'nvme-SAMSUNG_SSD_A': no such device in pool

What it means: you used the wrong identifier string. ZFS wants the vdev name exactly as shown in zpool status, or the GUID path.

Decision: copy-paste the exact token from zpool status or use zpool status -g to reference the GUID safely. 

cr0x@server:~$ sudo zpool status -g tank | sed -n '/special/,$p'
        special
          mirror-1                  DEGRADED
            12293847561234567890    FAULTED  too many errors
            99887766554433221100    ONLINE

What it means: GUIDs are available. This avoids name ambiguity if device paths changed.

Decision: replace by GUID. 

cr0x@server:~$ sudo zpool replace tank 12293847561234567890 /dev/disk/by-id/nvme-SAMSUNG_SSD_NEW
invalid vdev specification
use '-f' to override the following errors:
/dev/disk/by-id/nvme-SAMSUNG_SSD_NEW is part of potentially active pool 'rpool'

What it means: the new device contains old ZFS labels (maybe it came from another host, or it was previously used).
This is common with “we had one on the shelf” drives.

Decision: wipe ZFS labels on the new disk carefully, then retry replacement.

Task 8: Wipe old labels on the replacement disk (carefully)

cr0x@server:~$ sudo zpool labelclear -f /dev/disk/by-id/nvme-SAMSUNG_SSD_NEW

What it means: label cleared successfully (it’s silent on success).

Decision: proceed with zpool replace. 

cr0x@server:~$ sudo zpool replace tank 12293847561234567890 /dev/disk/by-id/nvme-SAMSUNG_SSD_NEW
cr0x@server:~$ sudo zpool status tank | sed -n '/scan/,$p'
  scan: resilver in progress since Thu Dec 26 02:21:12 2025
        19.2G scanned at 1.12G/s, 2.88G issued at 170M/s, 19.2G total
        2.90G resilvered, 14.98% done, 0:01:12 to go
config:

        NAME                          STATE     READ WRITE CKSUM
        tank                          DEGRADED     0     0     0
          raidz2-0                    ONLINE       0     0     0
            ata-HDD1                  ONLINE       0     0     0
            ata-HDD2                  ONLINE       0     0     0
            ata-HDD3                  ONLINE       0     0     0
            ata-HDD4                  ONLINE       0     0     0
            ata-HDD5                  ONLINE       0     0     0
            ata-HDD6                  ONLINE       0     0     0
        special
          mirror-1                    DEGRADED     0     0     0
            replacing-0               DEGRADED     0     0     0
              12293847561234567890    FAULTED     0     0     0  too many errors
              nvme-SAMSUNG_SSD_NEW    ONLINE       0     0     0  (resilvering)
            99887766554433221100      ONLINE       0     0     0

What it means: resilver is in progress; ZFS is reconstructing the missing replica onto the new SSD.
During this window, the surviving SSD is your only good copy of metadata. Protect it.

Decision: reduce workload if possible, avoid reboots, and monitor IO errors on the surviving device.

Task 9: Monitor resilver completion and error counts

cr0x@server:~$ watch -n 10 'sudo zpool status tank'
  pool: tank
 state: ONLINE
  scan: resilvered 19.2G in 0 days 00:03:18 with 0 errors on Thu Dec 26 02:24:30 2025
config:

        NAME                        STATE     READ WRITE CKSUM
        tank                        ONLINE       0     0     0
          raidz2-0                  ONLINE       0     0     0
            ata-HDD1                ONLINE       0     0     0
            ata-HDD2                ONLINE       0     0     0
            ata-HDD3                ONLINE       0     0     0
            ata-HDD4                ONLINE       0     0     0
            ata-HDD5                ONLINE       0     0     0
            ata-HDD6                ONLINE       0     0     0
        special
          mirror-1                  ONLINE       0     0     0
            nvme-SAMSUNG_SSD_NEW    ONLINE       0     0     0
            nvme-SAMSUNG_SSD_B      ONLINE       0     0     0

errors: No known data errors

What it means: resilver finished cleanly. You have redundancy again.

Decision: now scrub and validate; do not declare victory on a resilver alone.

Task 10: Run a scrub to confirm end-to-end checksums

cr0x@server:~$ sudo zpool scrub tank
cr0x@server:~$ sudo zpool status tank | sed -n '1,18p'
  pool: tank
 state: ONLINE
  scan: scrub in progress since Thu Dec 26 02:27:01 2025
        412G scanned at 1.88G/s, 64.1G issued at 291M/s, 2.41T total
        0B repaired, 2.59% done, 0 days 02:19:31 to go

What it means: scrub is reading and verifying checksums across the pool, repairing from redundancy when possible.

Decision: let it finish. If it reports repairs, investigate why (bad cable, flaky controller, dying disk).

Task 11: Check SMART/NVMe health for the surviving and new devices

cr0x@server:~$ sudo smartctl -a /dev/nvme0n1 | egrep -i 'critical_warning|media_errors|percentage_used|data_units_written'
Critical Warning:                   0x00
Percentage Used:                   12%
Media and Data Integrity Errors:   0
Data Units Written:                9,812,334

What it means: no critical warning, low wear, no media errors. This SSD looks healthy.

Decision: keep it. If Media and Data Integrity Errors or Critical Warning are non-zero, plan replacement even if ZFS is currently happy.

Task 12: Measure whether metadata is the bottleneck (latency triage)

cr0x@server:~$ sudo zpool iostat -v tank 2 3
                              capacity     operations     bandwidth
pool                        alloc   free   read  write   read  write
--------------------------  -----  -----  -----  -----  -----  -----
tank                         1.2T  1.1T    820    410  62.1M  28.4M
  raidz2-0                   1.2T  1.1T    120    360  51.2M  26.9M
    ata-HDD1                    -      -     20     60  8.40M  4.60M
    ata-HDD2                    -      -     19     60  8.22M  4.58M
    ata-HDD3                    -      -     21     60  8.62M  4.56M
    ata-HDD4                    -      -     20     60  8.51M  4.51M
    ata-HDD5                    -      -     20     60  8.70M  4.54M
    ata-HDD6                    -      -     20     60  8.75M  4.55M
special                         -      -    700     50  10.9M  1.50M
  mirror-1                      -      -    700     50  10.9M  1.50M
    nvme-SAMSUNG_SSD_NEW         -      -    350     25  5.40M  0.76M
    nvme-SAMSUNG_SSD_B           -      -    350     25  5.50M  0.74M
--------------------------  -----  -----  -----  -----  -----  -----

What it means: high operation count on special relative to bandwidth suggests metadata-heavy IO (lots of small random reads).
That’s normal for directory scans, containers, metadata churn.

Decision: if special latency is high or erroring, fix special first. If special is healthy but raidz is maxed, your bottleneck is elsewhere.

Task 13: Confirm special vdev usage and metadata pressure

cr0x@server:~$ sudo zdb -bbbs tank | sed -n '1,24p'
Dataset tank [ZPL], ID 53, cr_txg 5, 3.12T, 2 objects
Object  lvl   iblk   dblk  dsize  dnsize  lsize   %full  type
     1    2   128K    16K  3.20K    512   16.0K  100.0  DMU dnode
    17    1   128K    16K  3.20K    512   16.0K  100.0  ZAP

What it means: zdb can show you metadata structures and sizes. It’s not a day-to-day tool, but it’s useful for proving “this workload is metadata-heavy.”

Decision: if your environment is dominated by tiny files/VM metadata, size special accordingly and mirror it like you mean it.

Task 14: If import fails, list importable pools and missing devices

cr0x@server:~$ sudo zpool import
   pool: tank
     id: 1234567890123456789
  state: UNAVAIL
status: One or more devices are missing from the system.
action: The pool cannot be imported. Attach the missing devices and try again.
   see: zpool-import(8)
config:

        tank                        UNAVAIL  missing device
          raidz2-0                  ONLINE
            ata-HDD1                ONLINE
            ata-HDD2                ONLINE
            ata-HDD3                ONLINE
            ata-HDD4                ONLINE
            ata-HDD5                ONLINE
            ata-HDD6                ONLINE
        special
          nvme-SAMSUNG_SSD_A         UNAVAIL

What it means: the pool is unavailable because the special vdev device is missing. If that special was single-disk, this is as bad as it looks.

Decision: do not attempt random -f imports. Your best move is to recover that device path (hardware fix) or pivot to backup/replica recovery.

Task 15: If the pool is suspended, confirm and stop churn

cr0x@server:~$ sudo zpool status -x
pool 'tank' is suspended

What it means: ZFS has paused IO to protect integrity. Your applications will keep retrying and make everything worse.

Decision: stop high-volume services, fence the host if needed, and work on storage recovery without a thundering herd.

Task 16: Verify special vdev is actually present in pool layout (post-recovery audit)

cr0x@server:~$ sudo zpool get -H -o property,value ashift,autotrim tank
ashift  12
autotrim on

What it means: ashift is fixed at pool creation; mismatch can affect performance and SSD longevity. autotrim helps SSD behavior over time.

Decision: keep autotrim=on for SSD-backed special vdevs unless you have a specific reason not to. If ashift is wrong, plan a migration; don’t “tune” your way out.

Three corporate mini-stories from the trenches

Mini-story 1: The incident caused by a wrong assumption

A mid-sized SaaS company rolled out new storage for a container platform. The engineer doing the build had a clean mental model:
mirrored HDD vdevs for capacity, and a “fast SSD” for metadata. He’d used L2ARC before and assumed special vdev behaved similarly.
“Worst case we lose some performance,” he told the team. It sounded reasonable. No one pushed back.

The workload was a classic metadata blender: layers of container images, tons of small config files, and a CI system that untarred and deleted trees all day.
The special SSD quickly became hot—not in bandwidth, but in IOPS. It also became the most important device in the pool.
They didn’t have alerts on its NVMe media errors because the monitoring template was built around HDD SMART.

One Friday, the SSD started throwing resets. ZFS marked it faulted. The pool became unavailable on reboot.
Their first response was to “just import with force,” because the rust vdevs were fine and they could see all disks.
The import didn’t work. Then they tried again. And again. Meanwhile, automation kept attempting mounts and starting services, spamming the host with IO.

Eventually someone noticed the pool config included a special vdev and that it was a single point of failure.
The fix wasn’t clever: they located an identical SSD model, moved it to a known-good slot, and managed to recover the original device enough to clone it at the block level.
That salvage bought them an import and a chance to send data elsewhere.

The postmortem takeaway was painfully basic: a special vdev isn’t optional storage. It’s structural.
Their assumption (“it’s like cache”) cost them a weekend and forced a hard look at how many other “fast add-ons” were actually critical path.

Mini-story 2: The optimization that backfired

A finance org had a ZFS pool backing user home directories and a lot of tiny project files. Performance complaints were constant:
slow searches, slow directory traversal, slow IDE indexing. Storage got blamed, then network, then the endpoints.
Someone suggested special vdevs with special_small_blocks=128K on the main dataset. “Put everything small on SSD, problem solved.”

It did solve the performance complaints. For a while.
Indexing got faster, git operations improved, and the helpdesk queue dropped. The storage team declared success and moved on.
But the special devices were small enterprise SSDs sized for “metadata,” not “metadata plus a mountain of small file content.”

Six months later, the pool was healthy but the special vdev was near full. ZFS didn’t immediately explode, it just got awkward:
allocations became constrained, fragmentation increased, and some operations got slower again.
Then one SSD hit a burst of media errors and the mirror resilver had to write a lot of data—because special held a lot of actual file blocks.

The resilver took longer than expected, and the surviving SSD was hammered. It survived, but only after a tense day of watching error counters.
They were lucky. The optimization changed the failure mode from “metadata device dies, you replace it quickly” to “special device holds critical user file blocks and is heavily written during resilver.”

The retrospective wasn’t “never use special_small_blocks.” It was “treat it like tier-0 storage.”
If you’re going to store data blocks there, size it, mirror it properly, and monitor it like it’s production-critical—because it is.

Mini-story 3: The boring but correct practice that saved the day

A media company ran ZFS for a mixed workload: VM storage, build artifacts, and a lot of small assets.
Their storage lead was aggressively unromantic about it. Every pool had a mirrored special vdev, and every special mirror had same-model SSDs with power-loss protection.
They scrubbed on a schedule, tested restores, and had a standing runbook for “replace special member” with copy-paste commands.

One afternoon, an NVMe drive in the special mirror started logging media errors.
Monitoring caught it because they had explicit alerts for NVMe error metrics and ZFS checksum errors, not just “disk is online.”
The on-call didn’t debate. They cordoned heavy jobs, replaced the drive, and watched the resilver.

The resilver completed quickly. They ran a scrub. No repairs. No drama.
Most of the company never knew anything happened, which is the correct outcome for a storage incident.

The best part: the team had also documented which datasets used special_small_blocks and why.
So when leadership asked “could we reduce SSD spend next quarter,” they didn’t hand-wave.
They showed which workloads depended on special and what failure would look like. Budget conversations got easier because reality was already written down.

Common mistakes: symptoms → root cause → fix

1) Symptom: Pool won’t import, rust vdevs look fine

  • Root cause: missing single-disk special vdev (metadata allocated there is required for import).
  • Fix: recover the missing device path (hardware/PCIe/power), or restore from backup/replication. If special was not mirrored, your options are limited and ugly.

2) Symptom: “ls” and stat-heavy workloads are painfully slow, but throughput tests look okay

  • Root cause: special vdev degraded or unhealthy; metadata reads are retrying, causing latency amplification.
  • Fix: check zpool status -v, zpool iostat -v, and NVMe logs; replace failing special member; scrub afterward.

3) Symptom: After replacement, performance still worse than before

  • Root cause: special vdev removed/never used as expected, or special_small_blocks policy changed and data isn’t being reallocated.
  • Fix: confirm dataset properties; understand that existing blocks don’t move unless rewritten; plan a rewrite-based migration (send/recv or re-copy) if you need to repopulate special.

4) Symptom: Pool suspends during peak load

  • Root cause: severe IO errors on special vdev causing ZFS to protect itself; sometimes a failing HBA/backplane makes it worse.
  • Fix: stop IO churn, stabilize hardware, then replace devices. Don’t keep services retrying into a suspended pool.

5) Symptom: Special vdev keeps filling up unexpectedly

  • Root cause: special_small_blocks set high on datasets with lots of small-to-medium files; special now stores significant file data.
  • Fix: lower special_small_blocks for new allocations (it won’t move old blocks), add capacity to special (mirrored vdevs), and plan a data rewrite if you must evacuate.

6) Symptom: Resilver takes forever and the pool is sluggish

  • Root cause: special vdev contains large volume of small blocks; resilver is metadata/IOPS-heavy and competes with production.
  • Fix: schedule resilver under reduced load, ensure SSD thermal throttling isn’t happening, and consider wider mirrors or faster devices for special.

7) Symptom: You replaced a disk and now a different disk “vanished”

  • Root cause: device naming instability, wrong slot, bad backplane, or relying on /dev/nvmeXn1 names.
  • Fix: use /dev/disk/by-id; verify cabling/PCIe lanes; avoid hotplug chaos without a plan.

Prevention that works (and what’s cargo cult)

Mirror special vdevs. Always.

If you remember one thing: a single-disk special vdev makes your entire pool depend on that one device.
That’s not “a bit risky.” That’s a design error.
Mirror it, ideally with two devices of the same model and endurance class. If your environment is genuinely critical, consider 3-way mirroring.

Choose SSDs like an adult

Metadata and small-block IO are write-heavy and latency-sensitive. You want:
power-loss protection, predictable latency under load, and endurance that matches your churn.
Consumer SSDs can work in lab conditions and betray you in production at 2 a.m., which is when hardware expresses its feelings.

Joke #2: Consumer SSDs in special duty are like interns with root access—sometimes brilliant, sometimes catastrophic, always happening at the worst possible time.

Be deliberate with special_small_blocks

special_small_blocks is powerful. It’s also the easiest way to turn “metadata device” into “contains user data blocks.”
That may be exactly what you want for VM boot storms, container layers, or small-file-heavy repos.
But it changes your capacity planning, resilver behavior, and failure blast radius.

  • If you set it: size special for data, not just metadata.
  • Keep it dataset-specific: do not blanket-apply across a pool unless you understand every workload on it.
  • Document why: future-you will forget and blame the wrong thing.

Monitor what matters (ZFS plus NVMe)

You want alerts on:
ZFS checksum errors, device errors, resilver/scrub anomalies, and NVMe media/data integrity errors.
“Disk is online” is a useless metric. Disks can be online and lying.

Operational discipline beats heroics

Scheduled scrubs catch latent issues before a rebuild forces you to read everything under pressure.
Known-good spares reduce the temptation to use random reclaimed drives with mystery history.
A runbook reduces the chance of fat-fingering the wrong vdev when adrenaline is doing your typing.

One reliability quote (paraphrased idea)

Paraphrased idea: Gene Kranz’s operations mindset: be “tough and competent” in crises—stay disciplined, use checklists, and don’t improvise your way into worse failure.

Checklists / step-by-step plan

Checklist A: When special vdev goes DEGRADED (mirrored)

  1. Run zpool status -v; confirm errors are on special and identify device token/GUID.
  2. Freeze risky changes: stop deployments, postpone reboots, reduce IO-heavy batch jobs.
  3. Check kernel logs for resets/timeouts; confirm it’s not a shared controller/backplane issue.
  4. Validate you have the right replacement device and clear old labels if needed.
  5. Run zpool replace; monitor resilver progress and error counts.
  6. After resilver, run a scrub; verify “0 errors.”
  7. Post-incident: pull SMART/NVMe logs, record failure mode, and adjust monitoring thresholds.

Checklist B: When special vdev is UNAVAIL and pool won’t import

  1. Run zpool import; identify missing device(s) and confirm it’s special.
  2. Stop. Do not loop forced imports. Each attempt can worsen device stress or create confusion.
  3. Work hardware first: reseat, move to known-good slot, check BIOS/PCIe errors, power, cables/backplane.
  4. If the device can be seen even intermittently, prioritize data recovery: clone it, image it, or keep it stable long enough for import.
  5. If special was not mirrored and device is dead: pivot to backups/replication. Be honest about it; don’t promise magic.
  6. After recovery: rebuild pool design. Single special vdev should be treated as a “never again.”

Checklist C: After recovery (the part teams skip)

  1. Confirm pool is ONLINE and scrub clean.
  2. Verify special_small_blocks settings on critical datasets and document rationale.
  3. Audit special vdev capacity and headroom; plan expansion before it’s tight.
  4. Review monitoring: ZFS errors, NVMe health, temperature throttling, PCIe AER events.
  5. Run a restore test or a replication failover drill within the month. If you don’t test it, you don’t have it.

FAQ

1) Is a special vdev basically the same as L2ARC?

No. L2ARC is cache; losing it is annoying. Special is authoritative storage; losing it can prevent import or make files inaccessible.

2) Is a special vdev basically the same as SLOG?

No. SLOG accelerates synchronous writes for certain workloads and can be removed with limited consequences. Special holds metadata and possibly data blocks.

3) If I mirror my main vdevs with RAIDZ2, do I still need to mirror special?

Yes. Pool redundancy is constrained by the least-redundant, required component. A single special device can become the real single point of failure.

4) What’s the safest special_small_blocks setting?

For many mixed workloads: 0 (metadata only) is the safest. If you set it, do it per dataset and size special for actual data storage.

5) Can I remove a special vdev after I added it?

In practice, you should assume “no” for operational planning. Even if your platform supports certain removal scenarios, blocks allocated there must be handled safely.
Treat special as a permanent part of the pool design.

6) If a special device is failing, should I reboot?

Not as a first move. Reboots can reshuffle device names, trigger additional resets, and reduce the chance of stable recovery.
Replace the device under controlled conditions if possible.

7) Why does everything look fine in throughput benchmarks but users complain?

Many user-visible operations are metadata-heavy: directory traversal, stat calls, small file opens.
Special vdev issues hit IOPS/latency first, not sequential throughput.

8) After replacing special, do I still need a scrub?

Yes. Resilver restores redundancy for allocated blocks but does not replace an end-to-end verification pass.
Scrub confirms integrity across the whole pool and can surface other weak devices.

9) Can I “recover” from losing a single-disk special vdev without backups?

Sometimes you can recover if the device isn’t truly dead (intermittent visibility, firmware quirks, slot issues).
If it’s gone for real and it was the only copy, expect data loss and plan around backups/replication.

10) What’s the best early warning that special is in trouble?

Rising checksum errors on special, NVMe media/data integrity errors, and kernel logs showing timeouts/resets.
Latency spikes with low bandwidth are also a classic sign.

Conclusion: next steps you can do this week

Special vdev failure is one of those incidents where the technical truth is blunt: if you made metadata dependent on a single device, you made the whole pool dependent on it.
The way out is not clever commands. It’s redundancy, verification, and a refusal to treat tier-0 devices like accessories.

Do these next

  • Audit: run zpool status and confirm special vdevs are mirrored everywhere.
  • Policy check: inventory special_small_blocks by dataset; decide where it’s justified and where it’s accidental.
  • Monitoring: alert on ZFS checksum errors and NVMe media/data integrity errors, not just “online.”
  • Practice: rehearse a special member replacement on a non-production pool; make it boring.
  • Backups/replication: validate that you can restore or fail over without heroics. If you can’t, fix that before the next drive decides to retire.

The nightmare scenario becomes survivable when you treat special vdevs as what they are: the filesystem’s nervous system.
Protect it, monitor it, and when it twitches, act like it matters.

← Previous
NAT Through VPN: Connect Conflicting Networks Without Breaking Services
Next →
Itanium: how “the future of servers” became a punchline
Similar articles
ZFS Pool Recovery Basics: The Steps That Avoid Making It Worse ZFS Special VDEV Sizing: How Big It Should Be (So You Don’t Regret It) ZFS redundant_metadata: When More Metadata Copies Actually Matter Proxmox ZFS “pool is not healthy”: what to do before it gets worse ZFS Silent Corruption: What ZFS Detects That RAID Often Misses ZFS zpool status: Reading Health Like a Forensics Analyst

Related articles

ZFS Pool Recovery Basics: The Steps That Avoid Making It Worse January 12, 2026 ZFS Special VDEV Sizing: How Big It Should Be (So You Don’t Regret It) December 19, 2025 ZFS redundant_metadata: When More Metadata Copies Actually Matter December 3, 2025 Proxmox ZFS “pool is not healthy”: what to do before it gets worse November 28, 2025 ZFS Silent Corruption: What ZFS Detects That RAID Often Misses November 22, 2025 ZFS zpool status: Reading Health Like a Forensics Analyst November 6, 2025 ZFS NVMe-only pool tuning: Latency, IRQs, and the Real Limits October 24, 2025 ZFS Metadata-Only Reads: How Special VDEV Changes the Game October 20, 2025 ZFS Corrupt Labels: Fixing Import Failures the Right Way February 2, 2026 ZFS SAS vs SATA timeouts: Why SAS Feels ‘More Stable’ Under Stress February 2, 2026

Leave a comment