On the 6.2 instance, goto /content/rep:policy/allow50 and get the value of rep:principalName and run the below query(depending on allow or deny) to check if there are any duplicate ACLs under /content/rep:policy. Delete ACL and proceed with the upgrade.
If you are not able to delete the rep:policy node directly, remove mixins rep:rep:AccessControllable, delete the duplicate ACL and re add mixins after deletion
 select * from [rep:GrantACE] where [rep:principalName]='principalName'
 select * from [rep:DenyACE] where [rep:principalName]='principalName'
Another thought, on 6.4 you could try oak run tool  matching your AEM's oak version to delete the node /content/rep:policy/allow50 when AEM is not running by using the script  and start AEM. More details can be found on  - Step #3