🤖 AI Summary
This work addresses reasoning-layer denial-of-service (R-DoS) attacks against large language model agents in multi-step tool-augmented tasks, where adversaries significantly inflate inference costs without compromising task correctness. To this end, the paper introduces OTora, the first unified red-teaming framework for R-DoS. OTora integrates adversarial trigger optimization with in-context learning (ICL)-guided genetic search, leveraging perception-aware scoring, dynamic target co-evolution, and agent-aware payload generation to craft stealthy attacks efficiently in both black-box and white-box settings. Experiments demonstrate that OTora induces up to a 10× increase in inference tokens and an order-of-magnitude latency overhead on agent benchmarks such as WebShop, Email, and OS, while preserving task accuracy nearly on par with baseline performance, using foundation models including LLaMA-70B and GPT-OSS-120B.
📝 Abstract
Large Language Models (LLMs) are increasingly deployed as autonomous agents that execute tool-augmented, multi-step tasks, where latency is a critical factor for real-world applications. Yet an overlooked threat is Reasoning-Level Denial-of-Service (R-DoS), in which an attacker preserves task correctness but degrades availability by inflating an agent's reasoning depth or tool-use budget. We introduce OTora, the first unified, two-stage red-teaming framework for instantiating R-DoS attacks. Stage I optimizes an adversarial trigger that induces targeted tool invocations using insertion-aware scoring and dynamic target co-evolution, supporting both black-box and white-box settings. Stage II generates agent-aware reasoning payloads via an ICL-guided genetic search that amplifies overthinking while maintaining correct task outcomes. Across WebShop, Email, and OS agents built on multiple backbone models such as LLaMA-70B and GPT-OSS-120B, OTora achieves up to 10× increases in reasoning tokens and order-of-magnitude latency slowdowns, all while preserving near-baseline task accuracy. Finally, we discuss mitigation strategies for detecting and constraining abnormal reasoning and latency spikes. The code is available at https://github.com/llm2409/OTora.
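Because R-DoS leaves task outcomes correct, success-rate monitoring does not surface it; the cost of each episode has to be watched directly. The sketch below is an added example, not code from the paper or the OTora repository: it flags and then aborts an agent episode whose cumulative reasoning tokens, latency or tool calls exceed limits derived from benign runs. The class name, metric names, thresholds and baseline numbers are all assumptions constructed for illustration.

```python
from statistics import median

METRICS = ("reasoning_tokens", "latency_s", "tool_calls")

def robust_limit(values, k=6.0):
    """Upper bound = median + k * scaled MAD (robust to a few outliers)."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    # Fall back to 10% of the median when the baseline has no spread.
    return med + k * 1.4826 * (mad or 0.1 * med)

class ReasoningBudgetGuard:
    """Tracks cumulative per-episode cost and compares it to benign baselines."""

    def __init__(self, baseline_episodes, k=6.0, abort_factor=2.0):
        self.soft = {m: robust_limit([e[m] for e in baseline_episodes], k)
                     for m in METRICS}
        self.hard = {m: abort_factor * lim for m, lim in self.soft.items()}
        self.totals = dict.fromkeys(METRICS, 0.0)

    def record_step(self, reasoning_tokens, latency_s, tool_calls=1):
        """Add one agent step; return (verdict, metrics over the limit hit)."""
        step = dict(zip(METRICS, (reasoning_tokens, latency_s, tool_calls)))
        for m in METRICS:
            self.totals[m] += step[m]
        over_soft = [m for m in METRICS if self.totals[m] > self.soft[m]]
        over_hard = [m for m in METRICS if self.totals[m] > self.hard[m]]
        if over_hard:
            return "abort", over_hard  # constrain: stop the episode
        return ("alert", over_soft) if over_soft else ("ok", [])

# Constructed baseline: per-episode totals from benign runs of one task type.
BASELINE = [
    {"reasoning_tokens": 900, "latency_s": 11.0, "tool_calls": 4},
    {"reasoning_tokens": 1100, "latency_s": 13.5, "tool_calls": 5},
    {"reasoning_tokens": 1000, "latency_s": 12.0, "tool_calls": 5},
    {"reasoning_tokens": 1250, "latency_s": 15.0, "tool_calls": 6},
    {"reasoning_tokens": 950, "latency_s": 11.5, "tool_calls": 4},
]

def replay(steps):
    """Replay (tokens, latency) steps; return the verdict after each step."""
    guard = ReasoningBudgetGuard(BASELINE)
    return [guard.record_step(t, s)[0] for t, s in steps]

if __name__ == "__main__":
    print(replay([(250, 3.0)] * 4))                           # benign episode
    print(replay([(250, 3.0), (2000, 20.0), (5000, 55.0)]))   # inflated episode
```

Baselines should be kept per task type and per backbone model, since normal reasoning depth differs widely between them.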