
Finding a place to inject shellcode

Reverse Engineering Asked on March 29, 2021

I am following the tutorial for ROP Primer, level0.
The tutorial sets the memory at the beginning of [vdso] writeable and executable and copies the shellcode there.

I do not know why, but it seems that mprotect fails for me:

(pyhton exp.py; cat) | strace ./level0
...
mprotect(0xb7fff000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC) = -1 ENOMEM (Cannot allocate memory)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xa7fff804} ---
+++ killed by SIGSEGV +++

I changed the target address to 0x8048000 (got with vmmap in gdb-peda).
Now mprotect does not return -1, but I still receive SIGSEGV:

(pyhton exp.py; cat) | strace ./level0
...
mprotect(0x8048000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x88048804} ---
+++ killed by SIGSEGV +++

I have examined memory addresses, the single difference from the tutorial was that the shellcode ended up at 0xbfff764 instead of 0xbfff754, and I adjusted the python script accordingly.

I do not understand why I am getting these errors, especially because I am using a downloaded virtual machine. How can I get the shellcode to run?

UPDATE: I do not know if it has anything to do with the problem, but if I set a target address for mprotect (and later I expect eip to point there too) to an address which is outside of the mapped address space (according to gdb), si_addr in the above error message will contain this address. But if the address belongs to the program's address space, si_addr will be different (and probably invalid), like above.

And if I execute it in gdb the region is set properly executable, and even the shellcode is executed.

2 Answers

Like any development process, bugs can be quite common and understanding them might not be so easy. That's why god invented debugging. You should run your exercise program under a debugger and follow through the exploitation process in order to find out what and where things go sideways.

Without any additional information it's quite hard to guess what's the issue there. I suggest you post your conclusions of debugging the exploit and we can further answer your question.

Answered by NirIzr on March 29, 2021
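As an added illustration (not part of the question or of either answer), the following C program shows what the ENOMEM from mprotect in the first strace output means and how to check for it before making the call: the kernel refuses a range that is not fully mapped, so a request that runs past the end of the mapping it starts in fails even though its first byte is a valid address. The scenario is constructed (two anonymous pages, the second unmapped again), the function names are my own, and /proc/self/maps is assumed to be available, i.e. a Linux target like the one in the question.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Walk /proc/self/maps (listed in ascending address order) and report whether
   every byte of [addr, addr + len) lies inside some mapping.
   Returns 1 if fully mapped, 0 if any part is unmapped, -1 if the file
   cannot be read. Hypothetical helper, not part of any exploit framework. */
int range_is_mapped(uintptr_t addr, size_t len)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    char line[512];
    uintptr_t cur = addr, end = addr + len;
    int fully = 0;
    while (fgets(line, sizeof line, f)) {
        unsigned long lo, hi;
        if (sscanf(line, "%lx-%lx", &lo, &hi) != 2)
            continue;
        if (lo <= cur && cur < hi) {   /* this mapping covers the next byte */
            cur = hi;
            if (cur >= end) {          /* reached the end without a hole */
                fully = 1;
                break;
            }
        }
    }
    fclose(f);
    return fully;
}

/* Call mprotect on [addr, addr + len) and return 0 on success or the errno the
   kernel reported. PROT_READ|PROT_WRITE is used instead of PROT_EXEC so the
   demo also runs on hardened systems that forbid writable+executable pages. */
int mprotect_errno(void *addr, size_t len)
{
    if (mprotect(addr, len, PROT_READ | PROT_WRITE) == 0)
        return 0;
    return errno;
}

/* Constructed scenario: map two anonymous pages, then unmap the second one so
   a hole follows the first page. mapped_out (if non-NULL) receives the
   /proc/self/maps verdict for a request of len_pages pages from the first page;
   the return value is the errno mprotect yields for the same request
   (ENOMEM expected for 2 pages, 0 for 1 page), or -1 on setup failure. */
int scenario(size_t len_pages, int *mapped_out)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *base = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    if (munmap(base + pg, pg) != 0) {
        munmap(base, 2 * pg);
        return -1;
    }
    if (mapped_out)
        *mapped_out = range_is_mapped((uintptr_t)base, len_pages * pg);
    int err = mprotect_errno(base, len_pages * pg);
    munmap(base, pg);
    return err;
}

/* Convenience wrappers so each result is a plain return value. */
int scenario_errno(size_t len_pages)  { return scenario(len_pages, NULL); }
int scenario_mapped(size_t len_pages) { int m = -1; scenario(len_pages, &m); return m; }

int main(void)
{
    int err = scenario_errno(2);
    printf("2 pages, hole in the middle: maps says fully mapped=%d, mprotect -> %d (%s)\n",
           scenario_mapped(2), err, err ? strerror(err) : "success");
    err = scenario_errno(1);
    printf("1 page, still mapped:        maps says fully mapped=%d, mprotect -> %d (%s)\n",
           scenario_mapped(1), err, err ? strerror(err) : "success");
    return 0;
}
```

The same check applied to the address and length used in the question's first mprotect call would tell, before anything is executed, whether the 8192-byte range starting at the target actually lies within a single mapping; the second strace output, where mprotect succeeds but the crash address is unrelated to the target, is a different fault and is where the debugger-driven approach in the answer above comes in.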

I'm not sure if this will help, but, if you're ever unsure whether or not shellcode is trying to run, try setting your shellcode to either "\xeb\xfe" (jmp -2) or "\xcc" / "\xcd\x03" (both are int 0x03).

In the first case, the program will hang till it receives a signal (like, you kill it). In the latter cases, the program will die with a debug / tracepoint. That makes it really obvious whether or not it's working (it also works super well against remote servers, assuming an infinite loop will automatically get killed, to verify whether or not your code is actually running!)

Answered by Ron Bowes on March 29, 2021
