Firstly, check if the userId associated with the device (that is, the user that gets logged in when you call DeviceAuthenticationRequest) already has a Facebook account associated with them. You can check this in the player collection under 'externalIds' or 'externalAuthentications' - you should see an 'FB' field here if there's an existing Facebook association.
If this is the case, subsequent FacebookConnectRequests using a different Facebook user's access token will result in a new player rather than unlinking the current player's Facebook id and linking the new Facebook id. If you need to work around this for the purposes of testing, you could perform a SocialDisconnectRequest following your DeviceAuthenticationRequest (to remove any existing Facebook association on the current player), then execute your FacebookConnectRequest.
Alternatively, it could be caused by manually deleting players. We advise against manually modifying system collections in any way as it can lead to unexpected behavior (you can use SparkPlayer.deletePlayer() to delete players).
It may be that what is happening is that, although the player was being deleted, the associated entry in the externalAuthentication collection remained, with a reference to the deleted player. Subsequent FacebookConnectRequests found this externalAuthentication document, looked for the associated player, and upon failing to find them, created a new player.
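The dangling-reference case described above, as an added example that is not part of the original reply and not GameSparks code: a small in-memory model of the lookup plus an audit that lists external-authentication entries pointing at players that no longer exist. The document shapes and field names (`provider`, `externalId`, `playerId`) are assumptions, and the data is constructed.

```javascript
// Constructed stand-ins for the player and externalAuthentication collections.
// Field names are hypothetical, not the platform's actual schema.
const players = [{ id: "p1" }, { id: "p3" }];
const externalAuths = [
  { provider: "FB", externalId: "fb-100", playerId: "p1" },
  // p2 was deleted by hand, but its Facebook entry was left behind.
  { provider: "FB", externalId: "fb-200", playerId: "p2" },
];

// Audit: return every entry whose referenced player no longer exists.
function findOrphanedAuths(auths, playerList) {
  const known = new Set(playerList.map((p) => p.id));
  return auths.filter((a) => !known.has(a.playerId));
}

// Model of the lookup described in the reply: find the entry for this
// Facebook id, then its player; if the player is missing, a new player
// ends up being created instead of the expected one being logged in.
function resolveFacebookConnect(auths, playerList, fbId) {
  const entry = auths.find(
    (a) => a.provider === "FB" && a.externalId === fbId
  );
  if (!entry) return { outcome: "no-existing-link" };
  const player = playerList.find((p) => p.id === entry.playerId);
  if (player) return { outcome: "existing-player", playerId: player.id };
  return { outcome: "new-player-created", danglingRef: entry.playerId };
}

// Report what the audit finds and how each Facebook id would resolve.
function report(auths, playerList) {
  return {
    orphaned: findOrphanedAuths(auths, playerList).map((a) => a.externalId),
    results: auths.map((a) => ({
      fbId: a.externalId,
      ...resolveFacebookConnect(auths, playerList, a.externalId),
    })),
  };
}

console.log(JSON.stringify(report(externalAuths, players), null, 2));
```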