The kernel returns to user mode at _start (0x34e8) + 0x10. A timer interrupt is taken immediately (all user mode instructions are printed), the kernel then reschedules the thread (as it is the only active one), but resumes at _start (0x34e8) + 0xc, 4 bytes (or one instruction) before the previous return.
See the attached screenshot for an example:
The kernel returns to user mode at _start (0x34e8) + 0x10. A timer interrupt is taken immediately (all user mode instructions are printed), the kernel then reschedules the thread (as it is the only active one), but resumes at _start (0x34e8) + 0xc, 4 bytes (or one instruction) before the previous return.