BPDU guard enable in global or in interface ?

 - Check current software version , use an advisory release , if applicable : https://software.cisco.com/download/home/286320185/type/282046477/release/Amsterdam-17.3.4b  . check if that can help

 M.

show spanning-tree summary
we look to two interface maybe the global BPDU filter make this issue not the PortFast and BPDU Guard,
so do show command and please share here will will get full look to all STP feature in SW.

 - I once had exactly the same problem on a 4506 (environment) , several of that servicing our office environment. The problem became quite a hassle because of mishaps by helpdesk-staff or sometimes users plugging in wires at outlets without knowing what they are doing.  As a workaround I ended up configuring port security on all user-connections with a maximum of 3 mac addresses allowed (the latter being an arbitrary number). I could also not figure out why the bpdu measures would not activate , because everything was configured correctly , as yours. The only explanation that remains that some sort of 'layer 1' loop is created and that bpdu's are not present, perhaps related to the particular architecture , then the problem only happening when a real-local-loop is made and no other switches are involved. To confirm that , one would need to be able to tap the loop and analyze the traffic , checking if bpdu's aren seen at all , here is a 'good link' https://www.lastbreach.com/blog/physical-wiretapping-for-beginners (....) , whether all of that is a productive effort remains to be seen (indeed).  Meaning it could mean that span-port  analyzing is not good enough  and not all data are seen (e.g.)

 M.

explain from My point of View
1- config BPDU filter in global, this make all enable PortFast have BPDU filter, 
please note:- BPDU filter not send any BPDU
2-config the PortFast and BPDU guard under interface, BPDU work if the port receive the BPDU then the port will go to err-disable 

trick here 
in f0/1 now have 
portfast enable 
BPDU guard enable 
BPDU filter enable "not send BPDU"

in f0/2 now have 
portfast enable 
BPDU guard enable 
BPDU filter enable "not send BPDU"

NOW STP is loop detect using not broadcast or any traffic but use BPDU to detect loop, STP work with control not data plane.

interconnect both f0/1 and f0/2

f0/1 & f0/2 must go to err-disable why not do that ?
because BPDU guard must first see BPDU incoming and then the port will go to err-disable, 
here because BPDU filter the both port not Send BPDU and both port not receive the BPDU from each other.... OMG

here the loop happened because the control plane don't detect loop because of BPDU no Send from both port.

data plane will see both port as forward and hence use it, 
broadcast broadest....
the network is down.

this my opinion in your case.

Hello
Just because you enabled portfast and bpdu guard, doesn’t mean those two ports were participating in spanning-tree ,

Check to see if the vlans they assigned to were enable for spanning, if stp was disable you would incurr issues especailly on the specific switch, its cpu would max out?